A Digital Forensic investigative model for business organisations
- Forrester, Jock, Irwin, Barry V W
- Authors: Forrester, Jock , Irwin, Barry V W
- Date: 2007
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/430078 , vital:72664 , https://www.researchgate.net/profile/Barry-Ir-win/publication/228783555_A_Digital_Forensic_investigative_model_for_business_organisations/links/53e9c5e80cf28f342f414987/A-Digital-Forensic-investigative-model-for-business-organisations.pdf
- Description: When a digital incident occurs there are generally three courses of action that are taken, generally dependent on the type of organisation within which the incident occurs, or which is responding to the event. In the case of law enforcement the priority is to secure the crime scene, followed by the identification of evidentiary sources, which should be dispatched to a specialist laboratory for analysis. In the case of an incident in military (or similar critical) infrastructure the primary goal becomes one of risk identification and elimination, followed by recovery and possible offensive measures. Where financial impact is caused by an incident, and revenue earning potential is adversely affected (as in the case of most commercial organisations), root cause analysis and system remediation are of primary concern, with in-depth analysis of the how and why left until systems have been restored.
- Full Text:
- Date Issued: 2007
A geopolitical analysis of long term internet network telescope traffic
- Irwin, Barry V W, Pilkington, Nik, Barnett, Richard J, Friedman, Blake
- Authors: Irwin, Barry V W , Pilkington, Nik , Barnett, Richard J , Friedman, Blake
- Date: 2007
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428142 , vital:72489 , https://www.researchgate.net/profile/Barry-Ir-win/publication/228848896_A_geopolitical_analysis_of_long_term_internet_network_telescope_traffic/links/53e9c5190cf2fb1b9b672aee/A-geopolitical-analysis-of-long-term-internet-network-telescope-traffic.pdf
- Description: This paper presents results from the analysis of twelve months of network telescope traffic spanning 2005 and 2006, and details some of the tools developed. The most significant results of the analysis are highlighted. In particular, the bulk of traffic analysed had its source in China from a volume perspective, but the Eastern United States and North Western Europe were shown to be primary sources when the number of unique hosts was considered. Traffic from African states (South Africa in particular) was also found to be surprisingly high. This unexpected result may be due to the network locality preference of many automated agents. Both statistical and graphical analyses are presented. It is found that a country with a high penetration of broadband connectivity is likely to feature highly in network telescope traffic, as are networks logically close to the telescope network.
- Full Text:
- Date Issued: 2007
Bridging the gap for Next Generation Services: Presence Services on Legacy Devices
- Moyo, Thamsanqa, Thinyane, Mamello, Wright, Madeleine, Irwin, Barry V W, Clayton, Peter G, Terzoli, Alfredo
- Authors: Moyo, Thamsanqa , Thinyane, Mamello , Wright, Madeleine , Irwin, Barry V W , Clayton, Peter G , Terzoli, Alfredo
- Date: 2007
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428177 , vital:72491 , https://d1wqtxts1xzle7.cloudfront.net/49665432/Paper_2063_20-_20Moyo-libre.pdf?1476717366=andresponse-content-disposi-tion=inline%3B+filename%3DBridging_the_gap_for_Next_Generation_Ser.pdfandEx-pires=1714737455andSignature=RRbr9pzIYSYX8v7FG6FzV4tu3dFXm9qmmqq5WirOhuYdt--mjOfcDHQNLPYZHCmtgYZWdVk6bVFxfGOVJxgXrvkTe2QN2AZV3XfFTZ3mi1s3A5gw2jIXOVHrYUnaf~POgdijdY85mqWhco3vL6Qk3sOZgYjIlTF5ZGAKg1S54W978Nom01cT2~oqRA0Et6mTNmydWfF5MhFxQIq~LNmYqEqmEESKkkWQFwg6xJJUu0uGffbaZXXBA6oDI2cpfkz1FleKyKaRDRJvdfnuTHPoJJ4TzfO6DDVCWKvJ45jaxIzaGmK-03Ai29I-DPyy-c557kZh~kF3rmDg3zrXVNaL8A__andKey-Pair-Id=APKAJLOHF5GGSLRBV4ZA
- Description: Next generation services are provided by applications that leverage packet-based domains. A challenge faced by such services is the support for multiple devices, including legacy devices. Our paper examines a strategy for the provision of next generation services on legacy cellular network devices. We advocate that the provision of next generation services via applications on the SIM card allows for the deployment of such services on legacy devices. We demonstrate this assertion through a proof of concept application, SIMPre, that resides on a SIM card. SIMPre implements a presence service by leveraging Java Card, the SIM Application Toolkit and the OMA IMPS standard. We show that it is possible to provide a next generation service on the SIM card such that it ubiquitously integrates with the functionality of a legacy device. We conclude through this demonstration that the SIM card is a viable option for providing backward compatibility to legacy devices in the implementation of next generation services.
- Full Text:
- Date Issued: 2007
Bridging the gap for Next Generation Services: Presence Services on Legacy Devices
- Moyo, Thamsanqa, Thinyane, Mamello, Wright, Madeleine, Irwin, Barry V W, Clayton, Peter G, Terzoli, Alfredo
- Authors: Moyo, Thamsanqa , Thinyane, Mamello , Wright, Madeleine , Irwin, Barry V W , Clayton, Peter G , Terzoli, Alfredo
- Date: 2007
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428176 , vital:72492 , https://d1wqtxts1xzle7.cloudfront.net/49665432/Paper_2063_20-_20Moyo-libre.pdf?1476717366=andresponse-content-disposi-tion=inline%3B+filename%3DBridging_the_gap_for_Next_Generation_Ser.pdfandEx-pires=1714737455andSignature=RRbr9pzIYSYX8v7FG6FzV4tu3dFXm9qmmqq5WirOhuYdt--mjOfcDHQNLPYZHCmtgYZWdVk6bVFxfGOVJxgXrvkTe2QN2AZV3XfFTZ3mi1s3A5gw2jIXOVHrYUnaf~POgdijdY85mqWhco3vL6Qk3sOZgYjIlTF5ZGAKg1S54W978Nom01cT2~oqRA0Et6mTNmydWfF5MhFxQIq~LNmYqEqmEESKkkWQFwg6xJJUu0uGffbaZXXBA6oDI2cpfkz1FleKyKaRDRJvdfnuTHPoJJ4TzfO6DDVCWKvJ45jaxIzaGmK-03Ai29I-DPyy-c557kZh~kF3rmDg3zrXVNaL8A__andKey-Pair-Id=APKAJLOHF5GGSLRBV4ZA
- Description: Next generation services are provided by applications that leverage packet-based domains. A challenge faced by such services is the support for multiple devices, including legacy devices. Our paper examines a strategy for the provision of next generation services on legacy cellular network devices. We advocate that the provision of next generation services via applications on the SIM card allows for the deployment of such services on legacy devices. We demonstrate this assertion through a proof of concept application, SIMPre, that resides on a SIM card. SIMPre implements a presence service by leveraging Java Card, the SIM Application Toolkit and the OMA IMPS standard. We show that it is possible to provide a next generation service on the SIM card such that it ubiquitously integrates with the functionality of a legacy device. We conclude through this demonstration that the SIM card is a viable option for providing backward compatibility to legacy devices in the implementation of next generation services.
- Full Text:
- Date Issued: 2007
Evaluating compression as an enabler for centralised monitoring in a Next Generation Network
- Otten, Fred, Irwin, Barry V W, Slay, Hannah
- Authors: Otten, Fred , Irwin, Barry V W , Slay, Hannah
- Date: 2007
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428226 , vital:72495 , https://citeseerx.ist.psu.edu/document?repid=rep1andtype=pdfanddoi=f9ed69db7da44c168082934cd4ea5a413b2bf7f5
- Description: With the emergence of Next Generation Networks and a large number of next generation services, the volume and diversity of information is on the rise. These networks are often large, distributed and consist of heterogeneous devices. In order to provide effective centralised monitoring and control we need to be able to assemble the relevant data at a central point. This becomes difficult because of the large quantity of data. We also would like to achieve this using the least amount of bandwidth, and minimise the latency. This paper investigates using compression to enable centralised monitoring and control. It presents the results of experiments showing that compression is an effective method of data reduction, resulting in up to 93.3 percent reduction in bandwidth usage for point-to-point transmission. This paper also describes an architecture that incorporates compression and provides centralised monitoring and control.
- Full Text:
- Date Issued: 2007
Inetvis: a graphical aid for the detection and visualisation of network scans
- Irwin, Barry V W, van Riel, Jean-Pierre
- Authors: Irwin, Barry V W , van Riel, Jean-Pierre
- Date: 2007
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/430381 , vital:72687 , https://www.cs.ru.ac.za/research/g02V2468/publications/Irwin-VizSEC2007_draft.pdf
- Description: This paper presents an investigative analysis of network scans and scan detection algorithms. Visualisation is employed to review network telescope traffic and identify incidents of scan activity. Some of the identified phenomena appear to be novel forms of host discovery. The scan detection algorithms of Snort and Bro are critiqued by comparing the visualised scans with alert output. Where human assessment disagrees with the alert output, explanations are sought by analysing the detection algorithms. The algorithms of the Snort and Bro intrusion detection systems are based on counting unique connection attempts to destination addresses and ports. For Snort, notable false positive and false negative cases result due to a grossly oversimplified method of counting unique destination addresses and ports.
- Full Text:
- Date Issued: 2007