Craig Valli
secau - Security Research Centre
http://www.secau.org
Edith Cowan University
Western Australia
c.valli@ecu.edu.au

Books

2008

Journal articles

2009
Andrew Jones, Craig Valli, Glenn S Dardick, Iain Sutherland (2009)  The 2007 analysis of information remaining on disks offered for sale on the second hand market   International Journal of Liability and Scientific Enquiry 2: 1. 53-68  
Abstract: The purpose of this on-going research has been to gain an understanding of the information that remains on disposed hard disks and to determine the level of damage that could potentially be caused if the information fell into the wrong hands. The study examines disks that have been obtained in a number of countries to determine whether there is any detectable national or regional variance in the way that the disposal of computer disks is addressed and to compare the results for any other detectable regional or temporal trends.
2008
2007
2006
K Morfitt, C Valli (2006)  A Forensic Log File Extraction Tool for ICQ Instant Messaging Clients   Journal of Digital Forensics, Security and Law 1: 3. 51-64  
Abstract: Instant messenger programs such as ICQ are often used by hackers and criminals for illicit purposes and consequently the log files from such programs are of interest in a forensic investigation. This paper outlines research that has resulted in the development of a tool for the extraction of ICQ log file entries. Detailed reconstruction of data from log files was achieved with a number of different ICQ software. There are several limitations with the current design including timestamp information not adjusted for the time zone, data could be altered, and conversations must be manually reconstructed. Future research will aim to address these and other limitations as pointed out in this paper.
2004
2001

Other

2008
Andrew Woodward, Craig Valli, Craig Valli, Andrew Woodward (2008)  Issues common to Australian critical infrastructure providers SCADA networks discovered through computer and network vulnerability analysis    
Abstract: This paper reports on generic issues discovered as a result of conducting computer and network vulnerability assessments (CNVA) on Australian critical infrastructure providers. Generic issues discovered included policy, governance, IT specific such as segregation, patching and updating. Physical security was also lacking in some cases. Another issue was that previous security audits had failed to identify any of these issues. Of major concern is that despite education and awareness programs, and a body of knowledge referring to these issues, they are still occurring. It may be necessary for the federal government to force organisations to undergo computer and network vulnerability assessment from recognised experts on a regular basis.
Craig Valli, Andrew Woodward, Craig Valli, Andrew Woodward (2008)  The 2008 Australian study of remnant data contained on 2nd hand hard disks:The saga continues    
Abstract: This study looked for remnant data on enterprise level hard drives that were purchased through auctions. The drives were analysed for information, be it topical or formatted. In the event that drives were formatted, forensic tools were used to recover this data. This year's study revealed a high level of not simply un-erased drives, but drives which contained information that related to critical infrastructure providers. That such a small sample size yielded such a high rate of un-erased drives is of considerable concern, and it may be necessary for the government to become involved.
2007
Craig Valli, Aaron Wooten, Dr Craig Valli, Dr Andrew Woodward (2007)  An Overview of ADSL Homed Nepenthes Honeypots In Western Australia    
Abstract: This paper outlines initial analysis from research in progress into ADSL homed Nepenthes honeypots. One of the Nepenthes honeypot's prime objectives in this research was the collection of malware for analysis and dissection. A further objective is the analysis of risks that are circulating within ISP networks in Western Australia. What differentiates Nepenthes from many traditional honeypot designs is that it has been engineered from a distributed network philosophy. The program allows distribution of results across a network of sensors and subsequent aggregation of malware statistics readily within a large network environment.
2006
C Valli (2006)  SQL Injection - Threats to Medical Systems; Issues and Countermeasures    
Abstract: A vast majority of medical information systems use Standard Query Language databases (SQL) as the underlying technology to deliver medical records in a timely and efficient manner. SQL is a standardised and well entrenched database technology, which allows for the development of robust, customised applications for information management. In recent years, SQL has been used as the back-end to many successful web client accessible applications. The use of SQL in this manner has been greatly enhanced through the development of server side scripting languages such as Microsoft ASP and open source systems such as PHP. These allow for the representation and extraction of data from a database and have a range of manipulation and display possibilities allowing a developer a rich tapestry of options. However, these scripting languages have enabled the ability for malicious users to directly modify, manipulate or destroy SQL databases. In addition to those server side scripting language problems there is also malicious software in the form of worms specifically targeting SQL databases.
Craig Valli (2006)  The Insider Threat to Medical Records; Has the Network Age Changed Anything?    
Abstract: There is increasing pressure on medical practices to use digital information systems for storage of patient data. Some consideration is given to protecting these systems from an external or “hacker” focus. This paper looks at the issue that the increasing use of digital information systems has for insider malfeasanc
2005
Craig Valli, Andrew Woodward, Ken Wild, Reino Karvinen, Dr Craig Valli, Dr Andrew Woodward (2005)  An investigation into long range detection of passive UHF RFID tags    
Abstract: Radio frequency identification tags (RFID) have been in use for a number of years, in a variety of applications. They are a small computer chip like device that can range in size from a thumbnail to a credit card size device. They consist of a small silicon chip, and an antenna used to receive and transmit data. When a tag receives a signal from a valid reader it sends a response, typically a tag ID and any other requested/available data back to the reader device. The newer range of RFID chips that are coming into use now use higher frequencies (UHF) and are able to be detected, or transmitted to, from longer distances (1 – 10 m) with a conventional handheld reader. This increased distance alone presents many opportunities for users and misusers alike. These include but are not limited to passive scanning/sniffing of information in transit, deception, disruption of signal, and injection of malicious or false data into the broadcast envelope. There is no evidence currently in the literature of long-range scans or attacks on UHF RFID tag or supporting infrastructure. Given that these tags are now being used in military applications, an improved understanding of their vulnerabilities from long range scanning techniques will contribute to national security. An understanding of the long range scanning potential of these devices also will allow further study into the possible misuse of RFID technology in society by governments, business and individuals.
Craig Valli, Andy Jones, Dr Craig Valli, Dr Andrew Woodward (2005)  A UK and Australian Study of Hard Disk Disposal    
Abstract: Recent studies in Australia and the United Kingdom indicate that a broad cross-section of organisations are failing to adequately protect or erase confidential data stored on hard disk drives before subsequent disposal. Over 90% of hard disks that were examined as a result of the two independent studies were in an easily recoverable state with some drives simply requiring a boot. This paper will give an overview and comparison of the two studies conducted. Then an examination of possible factors responsible for the inadequate erasure of hard disk devices will be undertaken. Furthermore, possible future research directions will also be explored.
Craig Valli, Dr Craig Valli, Dr Andrew Woodward (2005)  Honeypot technologies and their applicability as an internal countermeasure    
Abstract: Honeypots or honeynets are a technology that is rapidly maturing and establishing this archetype of countermeasure as viable and useful in modern network defence. Honeypot technology is now at a point of development where near real-time monitoring and forensic analysis of security events can occur. This paper explores the hurdles to be overcome for the internal deployment of honeypot technologies.
Craig Valli, Paul Patak, Dr Craig Valli, Dr Andrew Woodward (2005)  An investigation into the efficiency of forensic erasure tools for hard disk mechanisms    
Abstract: One of the common anecdotal complaints used when defending the insecure erasure of hard disks is the length of time taken to effect a secure erasure. This paper discusses results of experiments conducted with Unix/Linux based hard disk wiping software when run on various machines and hard disk mechanisms in terms of size, speed and interface. The initial research has uncovered a range of issues and factors that affect the speed of erasure of hard disk mechanisms. Some of these factors included memory configuration and CPU but not in ways that were expected. This paper includes results from contemporary ATA and the newer SATA IDE hard disk drives in use today.
2004
Craig Valli (2004)  Throwing out the Enterprise with the Hard Disk    
Abstract: Organisations and individuals are increasingly storing information and data about themselves on a wide variety of digital devices. These devices form an organisation’s ‘digital memory’ and as such should be safeguarded against disclosure and breaches of integrity. Many organisations and individuals are employing various countermeasures often at considerable expense to protect this data. However, evidence would suggest that these assets are disposed of poorly with much of the data being intact or readily retrievable using simple forensic recovery techniques. This paper is a study of the ability to recover information from hard drives that are for sale at public auctions in Australia. The hard disks were taken from computers that were randomly selected and purchased at several auctions. The results from this study indicate careless disposal of data devices is widespread.
Craig Valli, Craig Valli (2004)  Throwing the Enterprise out with the Hard Disk    
Abstract: Organisations and individuals are increasingly storing information and data about themselves on a wide variety of digital devices. These devices form an organisation’s ‘digital memory’ and as such should be safeguarded against disclosure and breaches of integrity. Many organisations and individuals are employing various countermeasures often at considerable expense to protect this data. However, evidence would suggest that these assets are disposed of poorly with much of the data being intact or readily retrievable using simple forensic recovery techniques. This paper is a study of the ability to recover information from hard drives that are for sale at public auctions in Australia. The hard disks were taken from computers that were randomly selected and purchased at several auctions. The results from this study indicate careless disposal of data devices is widespread.
Craig Valli, Craig Valli (2004)  Wireless Snort - A WIDS in Progress    
Abstract: The Snort intrusion detection system is a widely used and well-regarded open source system used for the detection of malicious activity in conventional wired networks. Recently, software patches to enable 802.11 wireless intrusion detection capability in Snort have been released. This paper focuses on the lessons learned from a live deployment of these wireless extensions to the Snort IDS. Generic issues with the deployment of wireless intrusion detection systems are discussed in this paper. In addition, preliminary findings and analysis from the data collected in the pilot study using the wireless enabled snort intrusion detection system are also presented.
2003
2002
2001
2000