network forensic
Recently Published Documents


Total documents: 120 (five years: 33)

H-index: 10 (five years: 3)

2022 ◽ Vol 2022 ◽ pp. 1-15
Author(s): Usman Rauf Kamboh ◽ Muhammad Rehman Shahid ◽ Hamza Aldabbas ◽ Ammar Rafiq ◽ Bader Alouffi ◽ ...

For the last two decades, cybercrimes have been growing on a daily basis. Digital forensics for radio networks provides the foundations for tracking down cybercrimes and radio network crimes. In the coming years, the data transfer rate of next-generation wireless networks would be much greater than that of today’s networks. Fifth-generation wireless systems are considering bands beyond 6 GHz. The network design of next-generation wireless systems depends on propagation characteristics, frequency reuse, and bandwidth variation. This article describes the channel’s propagation characteristics for both line of sight (LoS) and non-LoS (NLoS) to construct and detect the path of rays coming from anomalies. Simulations were carried out to investigate the diffraction loss (DL) and frequency drop (FD). Indoor and outdoor measurements were taken with an omnidirectional circular dipole antenna at transmitting frequencies of 28 GHz and 60 GHz to compare the two bands of the 5th generation. Millimeter-wave communication comes with tighter constraints on implementation and deployment because of higher losses, low diffraction, and low signal penetration in these two bands. For outdoor environments, a MATLAB built-in 3D ray tracing algorithm is used, while for an indoor office environment, an in-house algorithmic simulator built using MATLAB is used to analyze the channel characteristics.


2021 ◽ Vol 2021 ◽ pp. 1-13
Author(s): Sirajuddin Qureshi ◽ Jianqiang Li ◽ Faheem Akhtar ◽ Saima Tunio ◽ Zahid Hussain Khand ◽ ...

Network forensics is an extension of the network security model, which typically emphasizes prevention and detection of network attacks. It covers the need for dedicated investigative capabilities in the current design, allowing investigation of harmful behavior in networks. It helps organizations examine external and internal network attacks. It is also important for law enforcement investigations. Network forensic techniques can be used to identify the source of the intrusion and the intruder’s location. Forensics can resolve many cybercrime cases using the methods of network forensics. These methods can extract the intruder’s information, the nature of the intrusion, and how it can be prevented in the future. These techniques can also be used to avoid attacks in the near future. Modern network forensic techniques face several challenges that must be resolved to improve the forensic methods. Some of the key challenges include high storage speed, the requirement of ample storage space, data integrity, data privacy, access to IP address, and location of data extraction. The details concerning these challenges are provided along with potential solutions. In general, network forensic tools and techniques cannot be improved without addressing these challenges. This paper proposes a thematic taxonomy of classifications of network forensic techniques based on extensive. The classification has been carried out based on the target datasets and implementation techniques used while performing forensic investigations. For this purpose, qualitative methods have been used to develop the thematic taxonomy. The distinct objectives of this study include accessibility to the network infrastructure and artifacts, and collection of evidence against the intruder using network forensic techniques to communicate the information related to network attacks with minimum false-negative results.
It will help organizations to investigate external and internal causes of network security attacks.


2021 ◽ Vol 11 (17) ◽ pp. 7789
Author(s): Asmara Afzal ◽ Mehdi Hussain ◽ Shahzad Saleem ◽ M. Khuram Shahzad ◽ Anthony T. S. Ho ◽ ...

Instant messaging applications (apps) have played a vital role in online interaction, especially under COVID-19 lockdown protocols. Apps with security provisions are able to provide confidentiality through end-to-end encryption. Ill-intentioned individuals and groups use these security services to their advantage by using the apps for criminal, illicit, or fraudulent activities. During an investigation, the provision of end-to-end encryption in apps increases the complexity for digital forensics investigators. This study aims to provide a network forensic strategy to identify the potential artifacts from the encrypted network traffic of the prominent social messenger app Signal (on Android version 9). The analysis of the installed app was conducted over fully encrypted network traffic. By adopting the proposed strategy, the forensic investigator can easily detect encrypted traffic activities such as chatting, media messages, audio, and video calls by looking at the payload patterns. Furthermore, a detailed analysis of the trace files can help to create a list of chat servers and IP addresses of involved parties in the events. As a result, the proposed strategy significantly facilitates extraction of the app’s behavior from encrypted network traffic which can then be used as supportive evidence for forensic investigation.


Author(s): Kousik Barik ◽ Saptarshi Das ◽ Karabi Konar ◽ Bipasha Chakrabarti Banik ◽ Archita Banerjee

2021 ◽ Vol 10 (1) ◽ pp. 53-61
Author(s): Rusydi Umar ◽ Imam Riadi ◽ Ridho Surya Kusuma

Ransomware viruses have become a dangerous threat that has increased rapidly in recent years. One of the variants is Conti ransomware, which can spread infection and encrypt data simultaneously. These attacks pose a severe threat and damage the system by encrypting data on the victim's computer, spreading to other computers on the same computer network, and demanding a ransom. This ransomware works by utilizing Registry Query, which covers all forms of behavior in accessing, deleting, creating, and manipulating data, and communicating with C2 (Command and Control) servers. This study analyzes the Conti virus attack through a network forensic process based on network behavior logs. The research process consists of three stages: the first stage simulates attacks on the host computer, the second carries out network forensics using live forensics methods, and the third analyzes the malware using statistical and dynamic analysis. The results of this study provide forensic data and virus behavior when running in RAM and on computer networks, so that the data obtained makes it possible to identify ransomware traffic on the network and deal with zero-day threats, especially ransomware. This is possible because the analysis is an initial step in generating virus signatures based on network indicators.

