Digital evidence is increasingly used in juridical proceedings. In some recent legal cases, the verdict has been strongly influenced by the digital evidence proffered by the defense. Digital traces can be left on computers, phones, digital cameras, and also on remote machines belonging to ISPs, telephone providers, companies that provide services via Internet such as YouTube, Facebook, Gmail, and so on. This paper presents a methodology for the automated production of predetermined digital evidence, which can be leveraged to forge a digital alibi. It is based on the use of an automation, a program meant to simulate any common user activity. In addition to wanted traces, the automation may produce a number of unwanted traces, which may be disclosed upon a digital forensic analysis. These include data remanence of suspicious files, as well as any kind of logs generated by the operating system modules and services. The proposed methodology describes a process to design, implement, and execute the automation on a target system, and to properly handle both wanted and unwanted evidence. Many experiments with different combinations of automation tools and operating systems are conducted. This paper presents an implementation of the methodology through VBScript on Windows 7. A forensic analysis on the target system is not sufficient to reveal that the alibi is forged by automation. These considerations emphasize the difference between digital and traditional evidence. Digital evidence is always circumstantial, and therefore it should be considered relevant only if supported by stronger evidence collected through traditional investigation techniques. Thus, a Court verdict should not be based solely on digital evidence.
Nowadays the use of video conference tools from mobile devices is becoming more widespread. Unfortunately, solutions based only on the security features inherited from the operator infrastructure cannot be blindly trusted. Therefore, the need for secure communication tools is rapidly increasing. Currently, voice and video communication tools are considered unreliable when used in either a mobile context or under poor signal strength conditions. This is particularly true for IP connections routed on the Packet-Switched Domain (PSD) over 3G mobile networks. This paper presents the design and the implementation of SECR3T (Secure End-to-End Communication over 3G Telecommunication Networks), a fully-fledged secure communication system for mobile devices based on the native Circuit-Switched Domain (CSD) of 3G networks. To the authors knowledge, this is the first solution for secure communication over the CSD of 3G networks. The security schemes implemented by SECR3T include mutual end-to-end authentication as well as data encryption. The adopted end-to-end security mechanisms have been embedded within the native 3G-324M protocol and do not require any form of interaction with the mobile network operator. Relying on the CSD, SECR3T provides a better QoS with respect to the PSD based solutions for 3G networks. It also requires less power consumption as the user is registered once on the Base Station (BS), with the handset not having to implement any heavy keep-alive protocols. In order to prove the effectiveness of the adopted strategy, a prototype was implemented to compare its performance with the well-known PSD solutions. Subsequently, the authors experimentally evaluated the security strengths and the impacts produced on the user experience with respect to traditional tools using CSD.
This paper addresses capacity estimation for cellular code-division multiple-access (CDMA) systems, assuming the IS-95 standard as a reference. Extending a previous analytical method (Viterbi et al., 1994), we obtain a sequence of bounds on capacity, and then we introduce an accurate approximation to reduce computation complexity. The analysis accounts for interference internal and external to the reference cell, fading, shadowing, and imperfect power control. Outage probability is expressed in terms of the characteristic functions (cf's) of the interference and imperfect power control random variables (RV's). The interference contributions are computed on the basis of a Poisson distribution for the number of users in a lognormally shadowed channel. Results are provided for different channel conditions and are validated against Monte Carlo simulations. A comparison against previously published CDMA capacity estimates is carried out, aimed at clarifying some controversial issues. It is also confirmed that large system capacity is achievable under tight power control.
In this paper we review the Adaptive Vector Quantization algorithm for lossy image compression, introduced by Constantinescu and Storer. AVQ combines the potentiality of a dictionary-based algorithm to process input in single-pass with the potentiality of Vector Quantization to approximate data. We discuss an open-source implementation and report the achieved results by this implementation with different size of the dictionary. Subsequently, we consider the problem of the copyright protection in multimedia contents, by focusing our attention on the Digital Watermarking. In addition we describe an approach for this algorithm that permits to improve the robustness of digital invisible watermarks. The proposed approach consists of spreading the watermark into the image during the compression process. We assume that the compression algorithm is aware of the positions of the watermarks: when the algorithm identifies the block containing the watermark, then this block is encoded in loss less mode and is spread all over the image.
The secure deletion of sensitive data can improve user privacy in many contexts and, in some extreme circumstances, keeping some information private can determine the life or death of a person. In fact, there are still several countries where freedom of expression is limited by authoritarian regimes, with dissidents being persecuted by their government. Recently, some countries have begun to make an effort to aid these people to communicate in a secure way, thus helping them to gain freedom. In this context, the present work can be a contribution in spreading the free use of Internet and, in general, digital devices. In countries where freedom of expression is persecuted, a dissident who would like to spread (illegal) information by means of the Internet should take into account the need to avoid as many traces as possible of his activity, in order to mislead eventual forensics investigations. In particular, this work introduces a methodology to delete a predetermined data set from a digital device in a secure and fast way, for example, with a single click of the mouse. All the actions required to remove the unwanted evidence can be performed by means of an automation, which is also able to remove traces about its execution and presence on the system. A post-mortem digital forensics analysis of the system will never reveal any information that may be referable to either the deleted data set or automation process.
The web is experiencing an explosive growth in the last years. New technologies are introduced at a very fast-pace with the aim of narrowing the gap between web-based applications and traditional desktop applications. The results are web applications that look and feel almost like desktop applications while retaining the advantages of being originated from the web. However, these advancements come at a price. The same technologies used to build responsive, pleasant and fully-featured web applications, can also be used to write web malware able to escape detection systems. In this article we present new obfuscation techniques, based on some of the features of the upcoming HTML5 standard, which can be used to deceive malware detection systems. The proposed techniques have been experimented on a reference set of obfuscated malware. Our results show that the malware rewritten using our obfuscation techniques go undetected while being analyzed by a large number of detection systems. The same detection systems were able to correctly identify the same malware in its original unobfuscated form. We also provide some hints about how the existing malware detection systems can be modified in order to cope with these new techniques.
In the last decade Digital Forensics has experienced several issues when dealing with network evidence. An analyst, which is in charge of managing evidence flowing over a network have to face problems due to the volatile nature of such information. In facts, such data may change over time, may be lying on a server out of the his jurisdiction, or geographically far from where the crime was committed. In this paper two methods to allow remote collection of network evidence produced by online services such as web pages, chats, documents, photos and videos are presented. They enable the analyst to drive the acquisition process through the online services considered potential sources of evidence. During the process, all data flowing through the network is automatically collected (i.e., all the IP packets). The second one also collects the graphical representation of the acquisition (e.g., how the browser visualizes such data). Both methods introduce a trusted third party (acting as a digital notary) which is in charge of collecting and ``certifying'' network evidence. Before closing the acquisition process, a detailed report of the collected evidence is generated and made available to the analyst along with the collected data. Cryptographic primitives are used to demonstrate ex post data integrity, how it has been acquired and the acquisition time. As a proof of concept two prototypes have been implemented. To enhance the Court confidence of the collected evidence, at the same time, the service could be run across multiple coordinated servers acquiring the same data from different point of the network.
'%3e%3cpath fill='%23012169' d='M0 0v30h60V0z'/%3e%3cpath stroke='%23fff' stroke-width='6' d='m0 0 60 30m0-30L0 30'/%3e%3cpath stroke='%23C8102E' stroke-width='4' d='m0 0 60 30m0-30L0 30' clip-path='url(%23b)'/%3e%3cpath stroke='%23fff' stroke-width='10' d='M30 0v30M0 15h60'/%3e%3cpath stroke='%23C8102E' stroke-width='6' d='M30 0v30M0 15h60'/%3e%3c/g%3e%3c/svg%3e)