Richard E Overill & Jantje A M Silomon Department of Informatics, King’s College London K P Chow & Y W Law Department of Computer Science, University of.

Presentation transcript:

Richard E Overill & Jantje A M Silomon, Department of Informatics, King’s College London
K P Chow & Y W Law, Department of Computer Science, University of Hong Kong
Quantitative Plausibility of the Trojan Horse Defence against Possession of Child Pornography

Synopsis
- Trojan Horse Defence
- Possession of Child Pornography
- Digital Forensic Sub-hypotheses
- Evidential Traces Recovered
- Enhanced Complexity Model
- Trojan Horse Model
- Complexities & Posterior Odds
- Conclusions & Further Work

Trojan Horse Defence
- First reported use in the UK October 2003 (Aaron Caffrey, 19, Port of Houston hack)
- It concedes that the offence was committed, but contends that it was not by the defendant (Some Other Dude Did It - SODDI)
- In the absence of other evidence (e.g. DNA, fingerprint) tying defendant to crime scene, it requires the prosecution to prove a negative – that there was no Trojan Horse in operation at the material time

Possession of Child Pornography
- Trojan Horse Defence is highly successful globally in countering prosecutions of various e-crimes, including possession of child pornography (CP)
- (HK) law enforcement generally requires at least five items of digital CP before bringing charges

Digital Forensic Sub-hypotheses (Prosecution)
- Downloading of CP has been performed
  - three alternative possibilities: browser, , peer-to-peer (P2P)
  - this study models browser download
- Copying of CP has been performed
  - two alternative possibilities: USB and CD/DVD
  - this study models USB device
- Viewing of CP has been performed

Evidential Traces Recovered (I)
- CP (image/video) on computer
- Internet history / cache from downloading
- Credit card payment to CP website
- Metadata on computer matched CP website
- USB device was plugged into the computer
- CP on computer matched that on USB device

Evidential Traces Recovered (II)
- Modified timestamp predates created timestamp of CP
- Image / video viewing tools on computer
- CP displayed by image / video viewing tools
- Access timestamp postdates created timestamp of CP

Enhanced Complexity Model (Hypotheses & Model)
Hypotheses:
- the more complex a process is, the less likely it is to happen without user awareness
- effort to implement and integrate TH software components must be taken into account
Model process complexity using:
- computational complexity (CC)
- GOMS Keyboard Level Model (KLM)
- Halstead’s Effort (E) metric

- $n_1$ – number of distinct operators
- $n_2$ – number of distinct operands
- $N_1$ – total number of operators
- $N_2$ – total number of operands
- Program vocabulary $n = n_1 + n_2$
- Program length $N = N_1 + N_2$
- Program volume $V = N \times \log_2 n$
- Programming difficulty $D = (n_1 \times N_2)/(2 \times n_2)$
- Programming effort $E = D \times V$

Enhanced Complexity Model (Processes)
- For process $i$: $p_i$  $[\,CC_i + KLM(CC)_i + E_i + KLM(E)_i\,]^{-1}$
- For two mutually exclusive processes $i$ and $j$, the ‘posterior odds’ of process $i$ over process $j$: $O(i:j) = \Pr(H_i \mid E) / \Pr(H_j \mid E) = p_i / p_j$

Trojan Horse Model
- Simplest possible system that produces all of the requisite evidential traces and no others: an electronic, random framing attack
- Lower bound on complexity implies upper bound on plausibility of Trojan Horse defence
- Consists of:
  - Dropper
  - Installer / Uninstaller
  - Payload (inc. keylogger, string search algorithm)

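Complexities & Posterior Odds

| | OCM Non-Trojan | OCM Trojan | ECM Non-Trojan | ECM Trojan |
|---|---|---|---|---|
| CC | 11,569,216 | 19,232,355 | 11,569,216 | 19,232,355 |
| KLM(CC) | 1,730 | ― | | ― |
| E | ― | ― | ― | 13,850,047 |
| KLM(E) | ― | ― | ― | 1,381,959 |
| Total | 11,570,946 | 19,232,355 | 11,570,946 | 34,464,361 |

| | OCM | ECM |
|---|---|---|
| Unprotected computer | | |
| % protected computer | | |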
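The Halstead effort metric and the posterior-odds ratio from the preceding slides, worked through in Python as an added example that is not part of the original presentation. It assumes $p_i$ is inversely proportional to a process's total complexity (the relation symbol is missing from the transcript), so the odds reduce to a ratio of the totals in the table; the token streams and function names are constructed for illustration.

```python
import math

def halstead(operators, operands):
    """Halstead volume V, difficulty D and effort E from token streams."""
    n1, n2 = len(set(operators)), len(set(operands))   # distinct counts
    N1, N2 = len(operators), len(operands)             # total counts
    volume = (N1 + N2) * math.log2(n1 + n2)            # V = N * log2(n)
    difficulty = (n1 * N2) / (2 * n2)                  # D = (n1*N2)/(2*n2)
    return {"V": volume, "D": difficulty, "E": difficulty * volume}

def total_complexity(components):
    """Sum of the complexity terms for one process (CC, KLM(CC), E, KLM(E))."""
    return sum(components.values())

def posterior_odds(total_i, total_j):
    """O(i:j) = p_i / p_j; with p assumed proportional to 1/total this is total_j / total_i."""
    return total_j / total_i

def odds_to_probability(odds):
    """Convert odds in favour of i into Pr(H_i | E) for two exclusive hypotheses."""
    return odds / (1 + odds)

# Components of the ECM Trojan column, copied from the table.
ECM_TROJAN = {"CC": 19_232_355, "E": 13_850_047, "KLM(E)": 1_381_959}

# "Total" row of the table, per model.
TOTALS = {
    "OCM": {"non_trojan": 11_570_946, "trojan": 19_232_355},
    "ECM": {"non_trojan": 11_570_946, "trojan": 34_464_361},
}

def odds_table():
    """Odds of the non-Trojan explanation over the Trojan one, from the totals alone."""
    return {m: posterior_odds(t["non_trojan"], t["trojan"]) for m, t in TOTALS.items()}

if __name__ == "__main__":
    # Constructed token streams for the single statement: z = x + y * x;
    sample = halstead(["=", "+", "*", ";"], ["z", "x", "y", "x"])
    print("Halstead E for sample statement: %.2f" % sample["E"])
    assert total_complexity(ECM_TROJAN) == TOTALS["ECM"]["trojan"]
    for model, odds in odds_table().items():
        print("%s: odds %.3f, Pr(non-Trojan) %.3f"
              % (model, odds, odds_to_probability(odds)))
```

These ratios use the table's totals only and apply no adjustment for anti-malware protection on the computer.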

Conclusions
- Potential significance for both prosecution and defence sides when assessing their own worst case scenario and their opponents’ best case scenario
- For an unprotected computer, posterior odds do not favour a successful criminal prosecution
- For a protected computer, posterior odds strongly favour a successful criminal prosecution
- Off-the-shelf Trojan models (OCM) are not much harder to prosecute than bespoke ones (ECM)

Further Work
- DOCM – ‘de-parameterised’ OCM, independent of file size $N$
- BOCM – ‘buffered’ OCM, with file buffer of length $N_B$, filled/flushed with $N_F$ operations, so a block-copy requires $N_F \lceil N/N_B \rceil$ operations
- Modelling degree of motivation, capability/skill level, opportunity/lack of deterrence
- Expand model beyond current computer platform (PC with Win-XP & IE browser)

Acknowledgement
- Testwell for the grant of an evaluation licence for their CMT++ Complexity Measures Tool for C/C++ to calculate the Halstead E metric
- US ONR MINERVA programme “Strategy and the Network Society” research grant
- UK EPSRC Overseas Travel Grant

Thank you! Questions? Comments? Richard E Overill