Follow Us
  • YouTube Social  Icon
  • Twitter Classic
  • Google Classic
  • Facebook Classic

© 2019

Dr. Baggili presents research at SADFE 2013, in Hong Kong (IEEE) 8th International Workshop on Systematic Approaches to Digital Forensic Engineering

November 18, 2013

Dr. Baggili particiapted in two papers will be presented at this conference. To see this year's conference program click here. Below are the Abstracts:

 

Paper 1: Forensic artifacts of the ChatON Instant Messaging application

 

Abstract— Instant Messaging (IM) is one of the most used types of applications across all digital devices, and is an especially popular feature on smartphones. This research is about the artifacts left by Samsung’s ChatON IM application, which is a multi-platform IM application. In this work, we acquired forensic images of a Samsung Galaxy Note device running Android 4.1 and an iPhone running iOS 6. The acquired images were analyzed and the data relevant to the ChatON application were identified. This research resulted is a map of the digital evidence left by ChatON on these mobile devices which assists digital forensics practitioners and researchers in the process of locating and recovering digital evidence from ChatON.

 

Paper 2: CAT Record (Computer Activity Timeline Record): A unified agent based approach for real time computer forensic evidence collection

 

Abstract— In this paper we present CAT Record – a real time computer forensics agent that records computer activity for subsequent forensic investigation on a Windows computer system as actions are taking place on a system. This approach is different from the traditional post-mortem approach of examining a hard disk since activities are being recorded as they are happening. The prototype agent included six modules 1) Windows Event Watcher - which records the Windows Operating System events 2) Active Window Detector - which records the active windows on the screen 3) Font-Time-Power-Resolution Detector - which records changes in font, time, power or resolution on the system 4) Explorers Monitor - which records the activity when opening an item from the Windows Explorer or Internet Explorer 5) Removable Devices Detector - which records any external devices that are plugged in or removed from a system and 6) File System Watcher - which records the activity taking place on the file system. CAT Record was stress tested in three scenarios using an automated program that was written to test the accuracy of the agent and its memory consumption on Windows XP and Windows 7. Overall, the results indicated that the amount of recorded data varied between Windows XP and Windows 7 and that CAT Record on average did not consume more than 42,876 KB of memory per second during its operation under extremely stressful tests.

 

Tags: Datapp, Cyber Forensics

Please reload

Featured Posts

BigScreen and Unity Virtual Reality Attacks and the Man in The Room Attack

February 19, 2019

1/10
Please reload

Recent Posts
Please reload

Search By Tags