Faculty of Computing

Permanent URI for this communityhttps://rda.sliit.lk/handle/123456789/4202

  • Publication (Embargo)
    Digital Forensic Investigation Framework for Marine Industry
    (IEEE, 2022-07-18) Fernando, V; Senarathne, A
    A massive 400% increase in cyber-attacks has been reported in the Marine industry from February 2020 to date. Experiments and research are being conducted towards safeguarding data in various technological aspects of the marine environment with regard to navigation, transportation and system management. At present, generic investigation processes have been developed for computer incidents and forensic readiness in this sector, but they do not describe the investigation process precisely. Although incident analysis technologies have been implemented for the Marine environment, the sector lacks reliable digital forensic tools for evidence extraction and analysis. Therefore, in this research, a comprehensive digital forensic investigation framework is proposed that addresses the issues of existing frameworks, and a tool is implemented for the examination of navigational evidence. Forensic procedures of existing investigation methodologies were taken into consideration when developing the fusion framework. The Marine Geo Navigator was implemented with machine learning and visualization technologies to evaluate geolocations and paths of vessels. Through expert analysis, the proposed investigation framework was verified as a suitable process for use in the Marine industry, and the tool was validated, resulting in an acceptable level of accuracy.
  • Publication (Open Access)
    Forensic Investigation Tool for Volatility Framework
    (www.ijisrt.com, 2022-03) Rupasinghe, R; Fernando, D. N
    According to many research findings, volatile memory has become a vital space used by attackers and malicious users to store data that needs to be hidden from others and to avoid reverse engineering. Since most incident response teams seldom study volatile memory and lack the knowledge and equipment needed to extract information from it, there is plenty of data to back this up. Furthermore, recently developed malicious code can remain in memory without affecting the physical disk. Therefore, security analysts must prioritize and investigate volatile memory as an important component rather than following the traditional thinking that malicious users will only look into hard disk storage. The Volatility Framework is an open-source and free set of tools for analyzing computer memory. This framework provides many options for data analysis in different aspects through a command-line interface, which makes it complicated for forensic analysts to memorize and use the tools and plugins. This research offers a GUI and extensions for the Volatility Framework, which simplify its usage and provide a time-saving approach, as the investigators do not want to memorize long command sequences.