Towards Black Box Forensic Cybercrime Investigation Model (BBFCIM)

Author(s):  
Oyewole Simon Oginni

Although the internet has emerged to bridge digital divides and improve how things are done across diverse spheres of life, its explosion has also brought unexpected threats, risks and loss of valuables over a decade. Consequently, there seems to have been a plethora of cybercrime investigation models, but the proliferation of these models has not substantially reduced the frequency of cyber attacks globally. Given that recent development in cyberspace seems to follow the same trends as the emergence of the survivable Black Box (Flight Data Recorder), this chapter proposes a Black Box Forensic Cybercrime Investigation Model (BBFCIM). BBFCIM sets a new agenda for the cybercrime investigation process by focusing on the survivability and reliability of existing and would-be models rather than evolving as a distinct model in itself. It adopts soft innovative skills in the development of Black Box components to shape a proactive cybercrime investigation process through sequential tests on each networking layer.

2020 ◽  
pp. 704-723


Author(s):  
Dennis K. Nilsson ◽  
Ulf E. Larson

The introduction of a wireless gateway as an entry point to the automobile in-vehicle network reduces the effort of performing diagnostics and firmware updates considerably. Unfortunately, the same gateway also allows cyber attacks to target the unprotected network which currently lacks proper means for detecting and investigating security-related events. In this article, we discuss how to perform a digital forensic investigation of an in-vehicle network. An analysis of the current features of the network is performed, and an attacker model is developed. Based on the attacker model and a set of generally accepted forensic investigation principles, we derive a list of requirements for detection, data collection, and event reconstruction. We then use the Integrated Digital Investigation Process proposed by Carrier and Spafford (2004) as a template to illustrate how our derived requirements affect an investigation. For each phase of the process, we show the benefits of meeting the requirements and the implications of not complying with them.




2000 ◽  
Vol 122 (03) ◽  
pp. 84-86 ◽  
Author(s):  
Jack Raplee

This article focuses on the black box, which is becoming smaller, smarter, and more useful as a safety tool in the aviation sector. Although endurance regulations have gone virtually unchanged for several years since the Federal Aviation Administration (FAA) first required the units on all commercial aircraft, the most notable change has been the advent of digital recording technology. Digital recorders can record more parameters over longer periods of time using less energy than older magnetic tape recordings. Today, this kind of information is used not only to investigate an aviation accident, but to increase the safety of flying at a time when air traffic has grown significantly. The FAA is conducting a FOQA Demonstration Study in cooperation with major U.S. airlines. Based on digital flight data recordings, the study provided information on items such as unusual autopilot disconnects, excessive rotation rates on takeoff, unstabilized approaches, and hard landings.


Author(s):  
Georgia Frantzeskou ◽  
Stephen G. MacDonell ◽  
Efstathios Stamatatos

Nowadays, in a wide variety of situations, source code authorship identification has become an issue of major concern. Such situations include authorship disputes, proof of authorship in court, cyber attacks in the form of viruses, trojan horses, logic bombs, fraud, and credit card cloning. Source code author identification deals with the task of identifying the most likely author of a computer program, given a set of predefined author candidates. We present a new approach, called the SCAP (Source Code Author Profiles) approach, based on byte-level n-grams in order to represent a source code author’s style. Experiments on data sets of different programming languages (Java, C++ and Common Lisp) and varying difficulty (6 to 30 candidate authors) demonstrate the effectiveness of the proposed approach. A comparison with a previous source code authorship identification study based on more complicated information shows that the SCAP approach is language independent and that n-gram author profiles are better able to capture the idiosyncrasies of the source code authors. It is also demonstrated that the effectiveness of the proposed model is not affected by the absence of comments in the source code, a condition usually met in cyber-crime cases.


Author(s):  
Srinath Sriram

We have often read in the newspaper about the black box of an aircraft being vital for analyzing the flight’s performance (non-performance, so to say!) and for understanding the reasons for its failure, if any. When an aircraft has crashed, more often than not an expensive search for the black box is conducted, which at times can be extremely costly and elusive, thus depriving us of the ability to understand the causes of the crash. What great value it would be if we could find a way to store the same flight data (or even better data) in remote storage other than the in-flight black box and away from the aircraft. At the very least, we could equip the black box to transmit its location so that a GPS device can precisely identify where it is and costly searches can be avoided. Imagine if we could also transmit flight data and pictures from inside an aircraft using the same mechanism. During any hijacking or untoward incident, the in-flight happenings could be viewed pictorially by a control room (which, on demand, can hook to the remote storage) such that the actors involved could easily be identified. This would immensely help one to frame negotiating positions or mount attempts to retrieve control of the aircraft. With such a technology available, where one can perform online data analysis and view the inside or even the outside of the aircraft, the possibilities of extending its application to other areas are enormous. For example, when an aircraft is in distress, it may be easier to understand what is causing a malfunction and even to prevent a major catastrophe.


2017 ◽  
Vol 50 (1) ◽  
pp. 814-819 ◽  
Author(s):  
Kais Mekki ◽  
William Derigent ◽  
Eric Rondeau ◽  
André Thomas
