دانلود کتاب Innovations in Digital Forensics [Team-IRA]

فهرست مطالب :

Contents
Preface
About the Editors
About the Contributors
1. Digital Forensics for Emerging Technologies: Present and Future
1. Introduction
2. Background on Digital Forensics
3. Challenges in IoT Forensics
3.1. Interconnected devices
3.2. Heterogeneous ecosystem
3.3. Resource constraints
3.4. Lack of standardization
3.5. Privacy-preserving data sharing
4. Outline of This Book
5. Conclusion
References
2. Evaluating Deleted File Recovery Tools per NIST Guidelines: Results and Critique
1. Introduction
2. Background
2.1. Metadata-based deleted file recovery
2.1.1. FAT file system
2.1.2. NTFS file system
2.1.3. Recovering deleted files
2.2. File carving
2.3. NIST CFTT guidelines
2.3.1. For metadata-based DFR
2.3.2. For file carving
3. Objectives
4. Approach
4.1. Metadata-based tools
4.1.1. Designing recovery scenarios
4.1.2. Creating test images
4.1.3. Challenges
4.1.4. Recovering Files
4.1.5. Results
4.2. Carving-based tools
4.2.1. CFTT test cases
4.2.2. Recovering files
4.2.3. Evaluating results
4.2.4. Results
5. Discussion
5.1. Critique of DFR tools
5.1.1. Performance of metadata-based tools
5.1.2. Conditions for success of metadata-based tools
5.1.3. Performance for file carving tools
5.1.4. Conditions for success of file carving tools
5.2. Critique of NIST guidelines
5.2.1. FAT fragmentation and metadata-based tools
5.2.2. Incompatible core features for metadata-based tools
5.2.3. False-positives from file carving
6. Related Work
7. Conclusion
References
3. Optimized Feature Selection for Network Anomaly Detection
1. Introduction
2. Background
2.1. Particle swarm optimization
2.2. Ensemble methods
3. Approach Overview
4. Methodology
4.1. Optimized feature selection
4.2. Deep learning-based anomaly detection
5. IoT-Zeek Dataset Generation
5.1. Maliciousness classification
5.2. System adaptation
6. Evaluation Results and Discussion
6.1. Experimental setup
6.2. Benchmark datasets description
6.3. Feature selection results
6.4. Anomaly detection results
6.5. Comparative study
6.6. Efficiency
7. Related Works
7.1. Feature selection using optimization
7.2. Deep learning and anomaly detection
8. Concluding Remarks and Limitations
References
4. Forensic Data Analytics for Anomaly Detection in Evolving Networks
1. Introduction
2. Background
2.1. Service targeting attacks in evolving networks
2.2. Digital forensic analytics
3. Literature Review
3.1. Network anomaly detection
3.2. Forensic data analytics
3.3. Service targeting attack detection
3.4. Cybercrime-related entity detection
3.5. Research gaps
4. Multi-perspective as Intelligence for Anomaly Detection
4.1. Security posture support in evolving networks
4.2. Digital forensic analytics framework for anomaly detection
4.3. System deployment
5. Data Pre-processing and Feature Engineering
5.1. Data collection and description
5.2. Data normalization
5.3. Feature engineering
5.4. Attack patterns
6. Unsupervised Anomaly Detection
6.1. Malicious IPs and content fingerprinting
6.2. Compromised service nodes identification
7. Anomaly Detection Result Correction
7.1. Cross-perspective analysis
7.2. Time-series analysis
7.3. Offering analysis
7.4. Results summary
8. Summary
Acknowledgment
References
5. Offloading Network Forensic Analytics to Programmable Data Plane Switches
1. Introduction
2. Related Literature
2.1. P4-enabled analytics
2.2. Traditional network forensics
3. Background
3.1. A primer on programmable switches
3.2. Motivating line-rate network forensics
4. In-network Forensic Use Cases
4.1. Assessing DDoS
4.1.1. Slow DDoS
4.1.2. Volumetric analysis
4.2. Fingerprinting IoT devices
4.2.1. Switch-based constraints
4.2.2. Meeting hardware restrictions
4.2.3. P4-specific features
4.2.4. Parallel processing
4.2.5. Match table mapping
4.2.6. Device fingerprinting
4.2.7. Automating program configuration
5. Evaluation
5.1. Environmental setup
5.2. DDoS detection results
5.3. IoT fingerprinting assessment
5.3.1. Experimental setup
5.3.2. Classification results
6. Conclusion
Acknowledgment
References
6. An Event-Driven Forensic Auditing Framework for Clouds
1. Introduction
2. Related Work
3. Preliminaries
3.1. Security property
3.2. Security-related events
3.3. Security-related attributes
4. Event-Driven Cloud Auditing Framework
4.1. Overview
4.2. Framework architecture
4.3. Formal modeling and verification
5. Implementation
5.1. Overview
5.2. Event listening
5.3. Data collection
5.4. Data processing
5.5. Compliance verification
5.6. Challenges and limitations
6. Prototype Setup
7. Experiments
7.1. Scenario 1: Intra compute node attack
7.2. Scenario 2: Inter compute node attack
7.3. Feasibility of our cloud auditing framework
8. Conclusion
Acknowledgments
References
A. Appendix: Attack Scenarios
A.1. Steps of Intra Compute Node Attack
A.2. Steps of Inter Compute Node Attack
B. Appendix: Malicious Flows Fabrication
B.1. Fabrication of Malicious Flows for Outgoing Unicast
B.2. Fabrication of Malicious Flows for Incoming Unicast
B.3. Multicast and Broadcast Malicious Flows’ Fabrication
7. Multi-level Security Investigation for Clouds
1. Introduction
2. Preliminaries
2.1. Background on cloud levels
2.2. Background on dependency model
2.3. Major challenges in building predictive models
2.4. Threat model
3. Security Investigation System for Clouds
3.1. Overview
3.2. Prediction
3.3. Multi-level proactive verification
4. Implementation
4.1. Architecture
4.2. Implementation details
5. Adapting to Other Cloud Platforms
6. Experiments
6.1. Experimental settings
6.2. Experimental Results
7. Discussion
8. Related Work
8.1. Comparative study
8.2. Existing investigation approaches
9. Conclusions
References
8. Digital Evidence Collection in IoT Environment
1. Introduction
2. Definitions
2.1. Evidence
2.2. Evidence collection
2.3. IoT digital evidence collection
3. Digital Forensics
3.1. Traditional digital forensics
3.1.1. Evidence seizure
3.1.2. Evidence deconstruction and analysis
3.1.3. Forensic judgment and reporting
3.2. IoT digital forensics
3.2.1. Source of digital evidences in iot digital forensics
3.2.2. Challenges of IoT forensics
4. Digital Evidence Collection in IoT Systems
4.1. Computer evidence collection
4.2. IoT digital evidence collection
4.3. Cloud digital evidence collection
5. IoT Forensic Tools and Frameworks
5.1. Attributes of the IoT forensics tools
5.1.1. Forensics phases
5.1.2. Enablers
5.1.3. Networks
5.1.4. Sources of evidence
5.1.5. Investigation modes
5.1.6. Digital forensics models
5.1.7. IoT forensics data processing
5.1.8. Forensics layers
5.2. IoT forensics tools
5.3. IoT forensic frameworks
5.4. Discussion
6. Conclusion
References
9. Optimizing IoT Device Fingerprinting Using Machine Learning
1. Introduction
2. Related Work
3. Problem Statement
4. Proposed Methodology
4.1. Overview
4.1.1. Data Pre-processing
4.1.2. Data training
4.1.3. Data analysis and prediction
5. Experimentation
5.1. Precision and recall
5.2. F1-score (harmonic mean)
5.3. Complexity
6. Conclusion
References
10. Conclusion