IMCA and OCIMF London Shipping Week Cyber Security Seminar

Just how easy is it to hack into a ship control system? Delegates at the International Marine Contractors Association (IMCA) and Oil Companies International Marine Forum (OCIMF) Cyber Security Seminar ‘Ship control systems: ‘Designed in’ cyber security protection should be standard’, being held on 12 September during London Shipping Week, will be able to find out during the post-conference reception.

“Informed knowledge suggests ‘Don’t think if I get hacked; think when I get hacked’ – we must all be prepared for those ‘when’ moments and know what action we can take. Forewarned is forearmed,” explains IMCA’s Technical Director, Richard Benzie. “An expert will be joining us during the reception to demonstrate on computer hardware, as used on a vessel, just how hacking can take place.

“This will be after a busy afternoon during which we will be covering the threat update; cyber security in offshore contractor vessel operations and from the perspective of a tanker operator; and the views from equipment manufacturers and classification societies on how best to address cyber security issues, particularly when dealing with third party access to vessel systems. These presentations will be followed by a panel debate; and work stream outputs resulting from the afternoon’s presentations and discussions.

“It is envisaged that discussions at the Seminar may lead to the establishment of an industry project on guidelines for third-party access procedures. Delegates will also benefit from updates on the latest threats, protection and response measures and sharing of expertise from across the industry.”

The Seminar, which is being held at the De Vere Conference Rooms in Canary Wharf, London will be attended by vessel operators/owners – vessel masters, data protection administrators, company and ship security officers – OEMs (vessel equipment suppliers), consultants and other service providers.

The full programme is available on the IMCA website at www.imca-int.com/events and from https://londoninternationalshippingweek.com/. Those eager to attend the free-of-charge seminar should contact events@imca-int.com or phone +44 (0)20 7824 5523.

Further information on IMCA and its work on behalf of the offshore marine construction industry is available from www.imca-int.com and imca@imca-int.com. The association has LinkedIn and Facebook groups and its Twitter handle is @IMCAint


Raiffeisen Bank malware is phishing for your login credentials

Researchers have stumbled upon a new phishing campaign targeting Raiffeisen Bank customers. The attack is based on the infamous Android banking Trojan, MazarBot, which has previously been distributed via SMS, email spam and numerous fake pages. The campaign seeks to trick people into entering their login credentials on a bogus page, which looks absolutely identical to the original Raiffeisen site.

Please see below for some thoughts on this from Leigh-Anne Galloway, Cyber Security Resilience lead at Positive Technologies:

“This type of attack relies on a phishing campaign to spread the malware. The attackers have scraped website content and bought a domain that looks similar to the real banking website.

“It’s important for users to check the website address (URL) to make sure this is consistent with the real bank. A lot of these types of attacks rely on the fact that a mobile browser will not display the full URL of the website; as we can see in this case, the first part of the domain seems very similar to the actual bank website. Remember it is very unlikely that any reputable company will ask you via email to make a bank transfer or provide personal information via email. Browse the website checking that all the pages work, and look at the language used on the page. If it seems off, or there are misspellings, then trust your instinct and don’t use the website. Never download applications from untrusted sources and always check the permissions before installing.”


Cyber Body Language

By FADI ABU ZUHRI

INTRODUCTION

For several hundred years, official agencies have been studying techniques and mechanisms to identify individuals. They started off with passports and identity cards and later moved to more controversial schemes like DNA profiling and body surveillance (Caplan & Torpey, 2001). It is estimated that there are 39 million web servers worldwide that host 3 billion indexable web pages with 20 billion links. There is ever-increasing surveillance by government as well as telecom operators at the cost of the privacy of netizens (Batty, 2003). Technological advances in identity and behaviour mapping have become more daring in recent times. Handheld mobile phones and other gadgets have made it possible for businesses to learn about people’s behaviour and to gather vital information that can help them reach out to these users. Phone manufacturers, software developers and internet search engines are now able to detect the behaviour and interests of users through integrated algorithms and computing devices. Cyber Body Language is best understood as “Context-Awareness”, where a device or software is designed, primarily or partly, to analyse the behaviour or patterns of its users and apply the information gathered to automatically promote products or services, or for other purposes such as security monitoring. This article covers the implications of Cyber Body Language’s Context-Awareness and how it will affect users in terms of privacy, finances and consumption. The review of related literature discusses Cyber Body Language, Context-Awareness, Context-Awareness Computing, Privacy, Geolocations and Targeted Ads through personalized hypermedia applications.

CYBER BODY LANGUAGE

According to Oracle (2014), Cyber Body Language or “Digital Body Language” is similar to the facial expressions or behaviour a user displays when interacting in the cyber world. In the online equivalent, these behaviours and expressions could be web browsing history, download history, web searches and online communication. This behaviour is the raw data that provides information about the user’s interests, needs and so on. Even the schedule of the user’s online presence can be useful information for the organizations monitoring the user’s behaviour (Oracle, 2014). The transformative shift of physical activities such as shopping to online transactions has created the marketing challenge of comprehending online consumer behaviour (Woods, 2009). Oracle (2014) stated that marketing and sales operations need to be adapted to ensure that they are Context-Aware, that is, able to comprehend the Cyber Body Language of consumers. It is imperative that the organization first has a broad understanding of the impact of the shift and how all the processes came to change with it. An organization must be well equipped with the necessary technology and infrastructure to be able to synthesize information based on consumer behaviour (Oracle, 2014).

CONTEXT-AWARENESS

Dey (2001) defined context as any data that can be utilized to describe the environment of an entity. According to him, an entity can be the user, a location or a thing that is significant in the domain of the application or software (Dey, 2001). On the other hand, Context-Awareness is defined as someone who is the user of the information. In such a case, a system is said to be Context-Aware when it has the ability to gather and synthesize context information and apply it to improve and adapt the device (Byun & Cheverst, 2004). Context-Awareness aims to provide efficiency and usability in the services offered to users, and this is only possible by being flexible and aware of the changing behaviours of the users (Bolchini, Schreiber, & Tanca, 2007; Dey, 2001; Zhu, Mutka, & Ni, 2005). It has been said that context plays a very crucial role because it is built up from user information and includes data on status, location and interests (Korpipää, Mäntyjärvi, Kela, Keränen, & Malm, 2003; Kwon, 2004).

CONTEXT-AWARENESS COMPUTING

To understand Cyber Body Language, Context-Aware Systems were developed that take advantage of user behaviour. Context-Aware Systems gather context, analyse it, and then use the information acquired to customize the system based on the behaviour or changing situation of the user (Khattak et al., 2014).

Facebook plans to figure out the emotional state of its users. It has filed a series of patents that try to detect our emotions. One of the patents is Augmenting Text Messages with Emotion Information, which involves decorating text messages to fit people’s moods. Facebook therefore intends to combine some features with words to show the impressions of the sender (Vaas, 2017). The other proposed emotion-reading patent is Techniques for Emotion Detection and Content Delivery. It plans to gain access to the cameras on our phones, tablets, and laptops to observe us as we peer at the screens. Another emotion-gleaning technology has been described that will generate emojis based on the user’s facial expression. These types of technology tools can be used by marketers to gauge the reaction of consumers and cater to them (Vaas, 2017). In short, Context-Aware Systems are made to adapt in accordance with the context of the user without the user’s active participation in such changes (Khattak, et al., 2014). These Context-Aware Systems synthesize the behaviour and environment of the user with the aim of ensuring that such systems remain usable and effective over time (Baldauf, Dustdar, & Rosenberg, 2007; Khattak, et al., 2011; Chen, Nugent, & Wang, 2012). Context-Aware Systems are becoming more popular and have been developed for diverse domains or interfaces such as Location-Based Systems (Want, Hopper, Falcão, & Gibbons, 1992), Context-Aware file systems (Hess & Campbell, 2003), Context-Aware Security (Covington, Fogla, Zhiyuan, & Ahamad, 2002), Context-Aware Activity Recognition (Khattak, et al., 2011), Context Based Searching (Ding, et al., 2004; Khattak, Ahmad, Mustafa, Pervez, Latif, & Lee, 2013), and Intelligent Healthcare Systems (Khattak, Ahmad, Mustafa, Pervez, Latif, & Lee, 2013; Khattak, Pervez, Lee, & Lee, 2011; Hussain, et al., 2013; Khattak, Pervez, Han, Lee, & Nugent, 2012).

Nowadays, the use of Context-Aware Systems has become commonplace and part of everyday life for users of the cyber world. In fact, Cyber Behaviour sensing and computing devices are known to be already installed in most smart devices (Khattak, Ahmad, Mustafa, Pervez, Latif, & Lee, 2013; Khattak, Pervez, Lee, & Lee, 2011; Han, Vinh, Lee, & Lee, 2012).

The context gathered from users is classified as internal or external (Hofer, Schwinger, Pichler, Leonhartsberger, & Altmann, 2013). But the quality of information derived by Context-Aware Systems does not depend on whether it is internal or external. Such systems are designed to acquire and synthesize context in order to make it useful and effective for further processing (Baldauf, Dustdar, & Rosenberg, 2007; Han, Vinh, Lee, & Lee, 2012). Another domain of Context-Awareness is the personalised hypermedia application. It is a hypermedia system which, like any Context-Aware System, applies the information, structure and physical attributes of the networked hypermedia objects to the user’s environment, characterization and behaviour. This Context-Aware domain is considered an interactive system, which means that users are allowed to navigate a network of linked hypermedia objects. Examples of hypermedia are web pages, which contain various media types like text, photos, videos, clips, applications and other similar elements (Kobsa, Koenemann, & Pohl, 2001).

PRIVACY

User behaviour on the internet has become subject to breaches of privacy and security. Smith et al. (1996) enumerated the four instances where privacy concerns arise, to wit: the gathering of personal information, unapproved indirect use of personal information, supplying of wrong personal information, and unauthorized access to personal data (Stewart & Segars, 2002). In online marketing, these concerns apply in the same way to the collection of personal information, the storage and control of this information, the observance of privacy practices, and the use of such data in a way that promotes marketing without crossing the sensitive line of privacy (Malhotra, Kim, & Agarwal, 2004). On the other hand, most consumers are concerned about the unapproved indirect use of data and the supplying of wrong personal information (Brown & Muchira, 2004). The consumer may lose trust in the vendor when the latter insists on getting information that evokes privacy concerns (Camp, 2003). Google and Microsoft argue that they have the right to scan all emails passing through their systems. This means that Google can read keywords that can trigger relevant advertisements (Schofield, 2013). Facebook has a privacy setting to allow users to stop the collection of behavioural information. However, by default this is set to allow the collection of private information. Even if one were to opt out, it does not stop advertisements on Facebook (Smith L., 2016).

There are various ways in which privacy can be breached through the use of Cyber Body Language. Context-Aware Systems are made smart and adaptable; users are mostly caught off guard, while their behavioural patterns are already being studied to further the systems they use. Most of the time, these Context-Aware devices are useful, but unauthorized access to or misuse of the data gathered from the user might pose a security threat. Although there may be concerns that Context-Aware Systems can be very damaging to the privacy of the user, it should also be considered that these systems can provide security. They can intelligently analyse the behaviour of the user, assess a possible breach of security and synthesize that information to strengthen security systems. According to Milne and Gordon (1993), the collection of such Personal Information calls for proper treatment, as it is considered to be an “Implied Social Contract” with the consumer. The consumer has a right to sue and to be compensated if his trust has been breached by the vendor (Solove, 2006). Because of this, the vendor is always required to observe fair information practices to guarantee the consumer that his personal information is well-respected and well-preserved (Culnan, 2000; Dinev & Hart, 2006).

GEOLOCATIONS

One of the most popularly applied domains of Context-Aware Services is location-based services. These services are usually present in mobile services that follow the location of their users (Rao & Minakakis, 2003), which is basically the primary market of Context-Awareness. One widely used location-based application is Geo-Fencing, together with allied services such as a notification signal that reminds the user when he enters a certain area like a nearby police station or school grounds (Namiot, 2013). According to Rivero-Rodriguez et al. (2016), problems can arise from the inability to secure location privacy in a Location-Based Context-Aware environment. One of the issues with location-aware devices is spamming, where the user is barraged by advertisements for products or services from businesses. The second issue is the threat to the personal safety of the user, who can easily be targeted for harassment, assault or any other crime because his location is easily traced. The last issue is the ability of other users to access the spatio-temporal information of a user, where their Privacy, Personal Information, Religious and Political views are located (Rivero-Rodriguez, Pileggi, & Nykänen, 2016).

TARGETED ADS

Advertisements are targeted at users that meet certain behavioural characteristics. An example of this is the tool created by Cambridge University called “Apply Magic Sauce”, which is said to predict the Psycho-Demographic profile of the user based on the footprints left on social media like Twitter and Facebook. It was developed to give a specific perception of the behaviour, personality, attitude, interests and level of interest of the user (Psychometric Centre of University of Cambridge, 2017). Another tool, called “Crystal”, was also created to predict the profile of a user by analyzing the user’s email history and LinkedIn profile. This tool can also be used on email contacts to analyse their behaviour, so that the user will have a perception of a contact’s behaviour or character. The main objective of this tool is for the user to become a good communicator (Crystal Project Inc., 2017).

CONCLUSION

The use of Cyber Body Language is a result of the evolutionary process of computing systems, in which users’ patterns and behaviours are studied to become the trigger points for the enhancement, upgrade or replacement of the installed system. This adaptability mechanism of devices has been developed so well to read Cyber Body Language that it has become a source of concern for all, because most users have already experienced how it can exploit, harass, bombard or sneak into the personal space, where security and privacy are at great risk. However, it cannot be discounted that the utilization of Cyber Body Language is a mine-field for discoveries that can help continuously upgrade and advance technologies without explicit participation from users. Thus, its usage must be regulated, keeping in mind the age-old respect for one’s privacy and personal space.

REFERENCES

1. Baldauf, M., Dustdar, S., & Rosenberg, F. (2007). A Survey on context-aware systems. Int. J. Ad Hoc Ubiquitous Comput, 263-277.
2. Batty, M. (2003). The Next Big Thing: Surveillance from the Ground up. Environment and Planning B: Urban Analytics and City Science, 30 (3).
3. Bolchini, C., Schreiber, F. A., & Tanca, L. (2007). A methodology for a very small database designs. Information Systems, 61-82.
4. Brown, M., & Muchira, R. (2004). Investigating the Relationship between Internet Privacy Concerns and Online Purchase Behavior. Journal of Electronic Commerce Research, 62-70.
5. Camp, L. J. (2003). Design for trust. In R. Falcone, Trust, Reputation and Security: Theories and Practice. Springer-Verlag.
6. Caplan, J., & Torpey, J. (2001). Documenting Individual Identity: The Development of State Practices in the Modern World. Princeton, NJ: Princeton University Press.
7. Chen, L., Nugent, C., & Wang, H. (2012). A knowledge-driven approach to activity recognition in smart homes. IEEE Transactions on Knowledge and Data Engineering, 961–974.
8. Covington, M., Fogla, P., Zhiyuan, Z., & Ahamad, M. (2002). A context-aware security architecture for emerging applications. 18th Annual Computer Security Applications Conference, (pp. 249-258). Las Vegas, NV.
9. Crystal Project Inc. (2017). Crystal. Retrieved May 15, 2017 from Crystal Knows: https://www.crystalknows.com/
10. Culnan, M. J. (2000). Protecting Privacy Online: Is Self-Regulation Working? Journal of Public Policy and Marketing, 20-26.
11. Dey, A. K. (2001). Understanding and using context. Personal and Ubiquitous Computing, 4-7.
12. Dinev, T., & Hart, P. (2006). An Extended Privacy Calculus Model for E-Commerce Transactions. Information Systems Research, 61-80.
13. Ding, L., Finin, T., Joshi, A., Pan, R., Scott Cost, R., Peng, Y., et al. (2004). Swoogle: A search and metadata engine for the semantic web. 13th ACM International Conference on Information and Knowledge Management, (pp. 8-13). Washington, DC.
14. Han, M., Vinh, L., Lee, Y., & Lee, S. (2012). Comprehensive context recognizer based on multimodal sensors in a smartphone. Sensors, 12588–12605.
15. Hess, C., & Campbell, R. (2003). An application of a context-aware file system. Personal and Ubiquitous Computing, 339–352.
16. Hofer, T., Schwinger, W., Pichler, M., Leonhartsberger, G., & Altmann, J. (2013). Context-awareness on mobile devices-The hydrogen approach. 36th Annual Hawaii International Conference on System Sciences, (pp. 6-9). Big Island, HI, USA.
17. Hussain, M., Khattak, A., Khan, W., Fatima, I., Amin, M., Pervez, Z., et al. (2013). Cloud-based Smart CDSS for chronic diseases. Health Technology, 153-175.
18. Khattak, A. M., Akbar, N., Aazam, M., Ali, T., Khan, A. M., Jeon, S., et al. (2014). Context Representation and Fusion: Advancements and Opportunities. Sensors, 9628–9668.
19. Khattak, A., Ahmad, N., Mustafa, J., Pervez, Z., Latif, K., & Lee, S. (2013). Context-aware Search in Dynamic Repositories of Digital Documents. 16th IEEE International Conference on Computational Science and Engineering (CSE 2013), (pp. 3-5). Sydney, Australia.
20. Khattak, A., Pervez, Z., Han, M., Lee, S., & Nugent, C. (2012). DDSS: Dynamic decision support system for elderly. 25th IEEE International Symposium on Computer-Based Medical Systems (CBMS 2012), (pp. 20-22). Rome, Italy.
21. Khattak, A., Pervez, Z., Lee, S., & Lee, Y. (2011). Intelligent healthcare service provisioning using ontology with low-level sensory data. KSII Transactions on Internet and Information Systems, 2016–2034.
22. Khattak, A., Truc, P., Hung, L., Vinh, L., Dang, V., Guan, D., et al. (2011). Towards smart homes using low level sensory data. Sensors, 11581–11604.
23. Kobsa, A., Koenemann, J., & Pohl, W. (2001). Personalised hypermedia presentation techniques for improving online customer relationships. The Knowledge Engineering Review, 111-155.
24. Korpipää, P., Mäntyjärvi, J., Kela, J., Keränen, H., & Malm, E. J. (2003). Managing context information in mobile devices. IEEE Pervasive Computing, 42-51.
25. Kwon, O. B. (2004). Modeling and generating context-aware agent-based applications with amended colored petri nets. Expert Systems with Applications, 609-621.
26. Malhotra, N., Kim, S. S., & Agarwal, J. (2004). Internet Users’ Information Privacy Concerns (IUIPC): The Construct, the Scale, and a Causal Model. Information Systems Research, 336-355.
27. Milne, G. R., & Gordon, M. E. (1993). Direct mail privacy-efficiency trade-offs within an implied social contract framework. Journal of Public Policy Marketing, 206–215.
28. Namiot, D. (2013). GeoFence Services. International Journal of Open Information Technologies, 30-33.
29. Oracle. (2014). Digital Body Language: Reading and Responding to Online Digital Body Behaviors. Digital Body Language Guide.
30. Psychometric Centre of University of Cambridge. (2017). Facebook and Twitter Prediction. Retrieved May 15, 2017 from Psychometric Centre of University of Cambridge: https://applymagicsauce.com/demo.html
31. Rao, B., & Minakakis, L. (2003). Evolution of Mobile Location-based Services. Commun. ACM, 61-65.
32. Rivero-Rodriguez, A., Pileggi, P., & Nykänen, O. A. (2016). Mobile Context-Aware Systems: Technologies Resources and Applications. International Journal of Interactive Mobile Technologies, 25-32.
33. Schofield, J. (2013, August 15). Is Gmail secure enough for my private emails? Retrieved 2017 from https://www.theguardian.com/technology/askjack/2013/aug/15/gmail-googleemail-privacy
34. Smith, H. J., Milberg, S., & Burke, S. (1996). Information privacy: Measuring individuals’ concerns about organizational practices. MIS Quarterly, 167-196.
35. Smith, L. (2016, June 3). You Need to Update Your Facebook Privacy Settings — Again. Retrieved 2017 from http://www.goodhousekeeping.com/life/news/a38801/targetedfacebook-ads-privacy-settings/
36. Solove, D. J. (2006). A Taxonomy of Privacy. University of Pennsylvania Law Review, 477.
37. Stewart, K. A., & Segars, A. H. (2002). An empirical examination of the concern for information privacy instrument. Information Systems Research, 36-49.
38. Vaas, L. (2017, June 12). Facebook wants to feel your pain (and your joy). Retrieved 2017 from https://nakedsecurity.sophos.com/2017/06/12/facebook-wants-to-feel-yourpain-and-your-joy/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29
39. Want, R., Hopper, A., Falcão, V., & Gibbons, J. (1992). The active badge location system. ACM Transactions on Information Systems, 91-102.
40. Woods, S. (2009). Digital Body Language: Deciphering Customer Intentions in an Online World. Danville, CA: New Year Publishing.
41. Zhu, F., Mutka, M. W., & Ni, L. M. (2005). Service discovery in pervasive computing environments. IEEE Pervasive Computing, 81-90.


Challenges faced by Cyber Forensic Investigator – Concepts and Techniques

By FADI ABU ZUHRI

INTRODUCTION

This paper looks at the techniques and tools used by Cyber Forensic Investigators in various scenarios that prove to be quite challenging. Cyber Forensic Investigators are tasked with presenting digital evidence to the courts. The courts would only accept evidence that is based on reliable principles and methods. One therefore needs to have a way to distinguish reliable techniques from unreliable ones. For example, certain groups consider evidence from astronomy reliable while evidence from astrology is not considered reliable even though they both use the same tools – star charts, planetary positions, telescopes, etc. Cyber Forensic techniques and tools need to be evaluated for reliability before presenting to the courts.

LIVE FORENSICS

Live forensics is mostly applied when the item under investigation is too large to be practically represented by imaging (Karie & Venter, 2015). There are also situations where the system to be investigated is too big to be broken down for postmortem analysis, or where the computer to be investigated is very far away from the Cyber Forensic Investigator. All of these situations call for live forensics. This does not mean that one has to download all the details from a remote location, since that would require a more sophisticated network (Christopher, 2006). Additionally, there are things that cannot be captured for postmortem analysis at all, for example memory contents, open ports and other operating aspects of a running computer. In these cases, it is advisable to use court-tested methods to avoid a situation where you will be required to prove the viability of the method in question. According to Peter (2005), live forensics is most often needed in digital forensic incident response, where one needs an understanding of what is in memory, what is being communicated out by the computer and what processes and ports are running.

Corporations have been migrating their data to cloud storage at a high rate. Many technology decision makers have invested their businesses in cloud services. Based on the experience of organizations, there are three main challenges that one has to overcome to perform sound data collection in the cloud. Firstly, it is easy to get data in, but hard to get the organization’s data back out once it has been moved to the cloud. Secondly, data protection laws differ between countries. Thirdly, Office 365, which is seeing growing adoption among organizations, is inadequate for large-scale collection, creating a great challenge for data collection (Barocchini & Maccherola, 2017).

DATA RECOVERY

Reliable methods of data recovery are critical for any Forensic Investigator, as losing data is sometimes inevitable during criminal investigations (Rogers & Seigfried, 2014). For any Cyber Forensic Investigator, information is key, and it is therefore highly recommended that measures are put in place to ensure that information can be recovered once lost. If information is lost, effective methods of data recovery should be applied. For example, when one loses a file of which there is no extra copy, it would be easy to recover the file if it was recent and not overwritten. The methods used in data recovery depend on whether one wants to examine the data in depth or just obtain a copy of the file. In the case of the whole file, it is possible to recover the file by bookmarking the files while analyzing them bit by bit, just as in document forensics (Karie & Venter, 2015). In the case of a copy of the file, computer forensics allows one to extract the file from the image as a stand-alone file.

RECOVERING POTENTIALLY OVERWRITTEN FILES

Digital storage is designed in such a way that when one deletes a file, it stays saved in the digital memory, which allows the file to be restored. But there are situations, mainly as a result of disk fragmentation, in which this data could be lost. Fragmentation results in the overwriting of these files, and it would be possible to recover them using the file table (Samy et al., 2017). The file table is what determines the way files are stored physically within that particular storage. If the data has been partially overwritten, it will be possible to recover the data by reconstructing the file header. If the file header has been overwritten, file carving is used (Rogers & Seigfried, 2014).
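One common form of file carving is a signature scan: the raw image is searched for known header and footer bytes without consulting the file table at all. The following is an added example, not code from the original article; the sample image is constructed, and the size cap and the stop-at-next-header rule are assumptions of this demo.

```python
"""Signature-based file carving over a raw image (all sample bytes are constructed)."""
from dataclasses import dataclass

# Well-known magic numbers: header and footer bytes per file type.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xae\x42\x60\x82"),
}
MAX_CARVE = 64 * 1024  # size cap per carved object; an assumption for this demo


@dataclass
class Carved:
    kind: str
    offset: int
    data: bytes
    complete: bool  # False when no footer was found before the next header


def _next_header(image, start):
    """Offset of the nearest known header at or after start, or -1."""
    found = [image.find(h, start) for h, _ in SIGNATURES.values()]
    found = [o for o in found if o != -1]
    return min(found) if found else -1


def carve(image, max_size=MAX_CARVE):
    """Walk the image header by header, ignoring any file table."""
    results = []
    pos = _next_header(image, 0)
    while pos != -1:
        kind = next(k for k, (h, _) in SIGNATURES.items() if image.startswith(h, pos))
        header, footer = SIGNATURES[kind]
        # Stop at the size cap or at the next header, whichever comes first,
        # so a file whose tail was overwritten does not swallow its neighbour.
        # (Real carvers must also cope with embedded thumbnails, which carry
        # their own headers; this demo does not.)
        limit = min(len(image), pos + max_size)
        nxt = _next_header(image, pos + len(header))
        if nxt != -1:
            limit = min(limit, nxt)
        end = image.find(footer, pos + len(header), limit)
        if end != -1:
            stop = end + len(footer)
            results.append(Carved(kind, pos, image[pos:stop], True))
        else:
            stop = limit  # keep the fragment, flagged as incomplete
            results.append(Carved(kind, pos, image[pos:stop], False))
        pos = _next_header(image, stop)
    return results


def build_sample_image():
    """Constructed 'disk': a JPEG with its tail overwritten, a whole JPEG, a PNG."""
    broken = b"\xff\xd8\xff\xe1" + b"K" * 20            # footer lost
    jpeg = b"\xff\xd8\xff\xe0" + b"J" * 40 + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"P" * 30 + b"IEND\xae\x42\x60\x82"
    return (b"\x00" * 512 + broken + b"\x11" * 40 + jpeg
            + b"\x00" * 100 + png + b"\x00" * 32)


if __name__ == "__main__":
    for item in carve(build_sample_image()):
        state = "complete" if item.complete else "fragment"
        print(f"{item.kind:5} offset={item.offset:4} size={len(item.data):3} {state}")
```

The incomplete JPEG is reported as a fragment rather than merged with the intact one that follows it, which is the failure a scan that simply takes the next footer would produce.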

PASSWORD RECOVERY

Passwords are put in place to ensure data security, but there comes a time when the password itself becomes a threat to data security. For this reason, it is important that measures for password recovery are in place. The process may be easy or hard depending on the type of password that is being recovered (Bennet, 2012). The easiest approach to password recovery is the dictionary attack. This tool assumes that the password is a dictionary word, and the appropriate password is found through trial and error. After the dictionary attack, hash or password replacement is the next step of password recovery. This does not apply to all situations, given that some systems are more complex. If the dictionary attack does not succeed in recovering the password, another process called brute force can be used. This is a widely known password recovery process, but it is time consuming. The time required is determined by the number of possible combinations that must be tried to arrive at the actual password.

FORENSIC IMAGE ANALYSIS

Forensic Image Analysis uses search indexing and file filtering techniques. The index search technique is used where the data has been grouped into various categories using an index. Digital devices store data using an index to help people retrieve data. The file filtering tool, on the other hand, uses hashes to gain access to the necessary files (Karie & Venter, 2015). The general idea of forensic image analysis lies in the various tools that are used for this challenge. The most used tool is the search tool, which includes two types of search. Index search is the easiest form of search and involves searching a database. When an application processes the disk for image analysis, it creates an index table in the back-end database, and searching of the image is done with the aid of this index. The second technique that is applied is file filtering. The file filtering tool uses hashes to gain access to the necessary files. This method works by eliminating the undesirable items and selecting those that the forensic investigator prefers (Simon & Choo, 2014).
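The two techniques described above can be combined: hash filtering first removes known files and flags notable ones, then an index is built over what remains for keyword search. This is an added example, not code from the original article; the file set, paths and hash sets are constructed (in practice the hash sets come from a reference database such as the NIST NSRL and from case data).

```python
"""Hash filtering followed by index search over a constructed evidence set."""
import hashlib
import re
from collections import defaultdict


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def hash_filter(files, known_good, notable):
    """Sort files into ignored / notable / review purely by content hash."""
    result = {"ignored": [], "notable": [], "review": []}
    for path, data in sorted(files.items()):
        digest = sha256(data)
        if digest in notable:          # matches a file already tied to the case
            result["notable"].append(path)
        elif digest in known_good:     # unmodified OS or application file
            result["ignored"].append(path)
        else:                          # unknown content: needs a human look
            result["review"].append(path)
    return result


def build_index(files):
    """Inverted index: token -> set of paths whose content contains it."""
    index = defaultdict(set)
    for path, data in files.items():
        text = data.decode("utf-8", errors="ignore").lower()
        for token in set(re.findall(r"[a-z0-9_@.\-]{3,}", text)):
            index[token].add(path)
    return index


def search(index, *terms):
    """Paths containing every term (AND query), answered from the index alone."""
    sets = [index.get(t.lower(), set()) for t in terms]
    return sorted(set.intersection(*sets)) if sets else []


# --- constructed sample data -------------------------------------------------
NOTABLE_CONTENT = b"constructed stand-in for a file already known to the case"
OS_CONTENT = b"MZ constructed stand-in for an unmodified OS binary"

FILES = {
    "/windows/system32/notepad.exe": OS_CONTENT,
    "/users/alice/invoice_2017.txt": b"Invoice 4471 wire transfer to account 00-1234",
    "/users/alice/notes.txt": b"call bob about the transfer on friday",
    # Renamed copy: the name differs, the hash still matches the notable set.
    "/users/alice/renamed_holiday.jpg": NOTABLE_CONTENT,
}
KNOWN_GOOD = {sha256(OS_CONTENT)}
NOTABLE = {sha256(NOTABLE_CONTENT)}


def triage(files=FILES):
    """Filter by hash, then index only the files left for review."""
    buckets = hash_filter(files, KNOWN_GOOD, NOTABLE)
    index = build_index({p: files[p] for p in buckets["review"]})
    return buckets, index


if __name__ == "__main__":
    buckets, index = triage()
    for name, paths in buckets.items():
        print(f"{name:8} {paths}")
    print("transfer          ->", search(index, "transfer"))
    print("transfer+invoice  ->", search(index, "transfer", "invoice"))
```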

CRYPTANALYSIS AND STEGANALYSIS

Steganalysis is the process of finding hidden data within digital objects. It is to steganography what cryptanalysis is to cryptography. Information can be hidden in messages, images, or files within another message (Otair, 2015). Encryption has always been a major obstacle for most Cyber Forensic Investigators, since it is very hard to break and not all encryption is the same. Encryption is usually done by an application, which most of the time leaves trails of plaintext behind. This plaintext is hard to find, yet it provides everything needed to break the encryption. The first step towards breaking encryption is to identify the type of application that has been used. Some applications are good at deleting all traces of plaintext, but it would still be possible to break the encryption if the plaintext was saved elsewhere or even in another version. The next step is to identify the weakness of the application that has been used for encryption and then exploit that weakness; one can then finally access the file if the file name is known (Quick & Choo, 2016).

FORENSIC NETWORK ANALYSIS

Sniffing is the process of analyzing all the data that passes through a given network. Sniffers are available as open-source, commercial and more sophisticated ones (Dykstra & Sherman, 2013). For a sniffer to work in a particular network, it must be configured in promiscuous mode, allowing it to receive network traffic even if that traffic is not addressed to its particular network interface card (NIC) (Gordon, 2016).

BIG DATA

The challenge of big data is to isolate the useful data from the vast amounts of data available. In forensics, big data is randomly distributed, whereas simple data is stratified and its analysis requires just simple methods of data mining. After separation of the data, cluster analysis is the step that follows. Cluster analysis involves using given criteria to group the data in an orderly manner depending on the attributes of the data (Rogers & Seigfried, 2014). The criteria used in the grouping are up to the Cyber Forensic Investigator. Another method that is very vital here is detection, which looks at the data from a perspective different from that of the Cyber Forensic Investigator. The last approach is independencies, which uses rules to find the various relationships in the data that interest the Cyber Forensic Investigator (Gordon, 2016).

SAFE ANALYSIS OF MALWARE

Cyber Forensic Investigators need to identify and, if possible, eliminate all imminent dangers posed by malware before analyzing digital evidence. The most common method used for this particular challenge is sandboxing. Sandboxing involves creating a virtual machine on the physical computer that can be operated on the computer as a separate entity (Rogers & Seigfried, 2014). With this approach, it is possible to undertake high-risk activities using the virtual machine and to deal with and eliminate the malware that poses a threat to the work being done by the Cyber Forensic Investigator. According to Samy et al. (2017), sandboxing tools also have the capability of encapsulating a computer during web browsing, thus providing security from drive-by malware.

DATA VISUALIZATION

A common tool for data visualization in Cyber Forensics is link analysis. This particular tool includes the use of graphs, pie charts, and crosstabs, among others, to create a visual impression. This is a more practical approach in the field of forensic analysis, where it is more interactive and literally visual (Bennet, 2012). Ruan et al. (2011) indicate that data visualization depends entirely on the visualization tools possessed by the Cyber Forensic Investigator, and that there are many open-source and commercial visualization tools on the market. The basic idea of data visualization is to help people understand the data by seeing it (Ruan, Carthy, Kechadi, & Crosbie, 2011).

CONCLUSION

A national workshop found that the most important challenges in Cyber Forensics were education, training and funding, the size of memory, data volume, and understanding of technology (Baggili & Breitinger, 2017). Cyber forensic investigators are vital in various cases today, given the rapid change in technology over the years. This knowledge is crucial today, especially in court cases, where the use of this kind of technology has made cases that once proved hard to conclude easier to resolve.

REFERENCES

1. Baggili, I., & Breitinger, F. (2017, June 22). NSF National Workshop on Redefining Cyber Forensics. Retrieved 2017, from https://www.youtube.com/watch?v=RBHWVclGmmk&feature=youtu.be
2. Barocchini, A., & Maccherola, S. (2017, May 31). 3 Challenges to Data Collection in the Cloud. Retrieved 2017, from http://accessdata.com/blog/3-challenges-to-data-collectionin-the-cloud
3. Bennet, D. W. (2012). The Challenges Facing Computer Forensics Investigators in Obtaining Information from Mobile Devices for Use in Criminal Investigations. Information Security Journal: A Global Perspective, 21 (3), 159-168.
4. Brown, C. L. (2006). Computer Evidence Collection & Preservation. Massachusetts: Charles River Media, Inc.
5. Dykstra, J., & Sherman, A. T. (2013). Design and implementation of FROST: Digital forensic tools for the OpenStack cloud computing platform. Digital Investigation, 10, 8795.
6. Karie, N. M., & Venter, H. S. (2015). Taxonomy of challenges for digital forensics. Journal of forensic sciences, 60 (4), 885-893.
7. Quick, D., & Choo, K. (2016). Big forensic data reduction: digital forensic images and electronic evidence. Cluster Computing, 19 (2), 723-740.
8. Rogers, M. K., & Seigfried, K. (2014). The future of computer forensics: a needs analysis survey. Computers & Security, 23 (1), 12-16.
9. Ruan, K., Carthy, J., Kechadi, T., & Crosbie, M. (2011). Cloud forensics. IFIP International Conference on Digital Forensics (pp. 35-46). Berlin: Springer.
10. Samy, G. N., Shanmugam, B., Maarop, N., Magalingam, P., Perumal, S., & Albakri, S. H. (2017). Digital Forensic Challenges in the Cloud Computing Environment. International Conference of Reliable Information and Communication Technology, 669676.
11. Simon, M., & Choo, K. (2014). Digital forensics: challenges and future research directions. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2421339. In I.-S. Kim, & J. Liu, Contemporary Trends in Asian Criminal Justice: Paving the Way for the Future (pp. 105-146). Seoul, South Korea: Korean Institute of Criminology.
12. Stephenson, P. (n.d.). (ISC)² Guide to the CCFP CBK.
