Author

Niken Dwi Wahyu Cahyani

Other affiliations: Telkom University
Bio: Niken Dwi Wahyu Cahyani is an academic researcher from University of South Australia. The author has contributed to research in topics: Digital forensics & Computer science. The author has an h-index of 6, co-authored 11 publications receiving 205 citations. Previous affiliations of Niken Dwi Wahyu Cahyani include Telkom University.

Papers
Journal Article
TL;DR: This study presents an integrated cloud incident handling and forensic‐by‐design model and demonstrates the utility of the model for organisational cloud users to undertake incident investigations (e.g. collect and analyse residual data from cloud storage applications).
Abstract: Information security incident handling strategies or models are important to ensure the security of organisations, particularly in cloud and big data environments. However, existing strategies or models may not be adequate as cloud data are generally virtualised, geographically distributed and ephemeral, presenting both technical and jurisdictional challenges. We present an integrated cloud incident handling and forensic-by-design model. We then seek to validate the model using a set of controlled experiments on a cloud-related incident. Three popular cloud storage applications were deployed, namely Dropbox, Google Drive, and OneDrive. This study demonstrates the utility of the model for organisational cloud users to undertake incident investigations (e.g. collect and analyse residual data from cloud storage applications). Copyright © 2016 John Wiley & Sons, Ltd.

91 citations

Journal Article
TL;DR: The results show that current mobile forensic tool support for Windows Phone 8 remains limited, and it is found that separate acquisition is needed for device removable media to maximize acquisition results, particularly when trying to recover deleted data.
Abstract: The continued amalgamation of cloud technologies into all aspects of our daily lives and the technologies we use (i.e. cloud-of-things) creates business opportunities, security and privacy risks, and investigative challenges (in the event of a cybersecurity incident). This study examines the extent to which data acquisition from Windows phone, a common cloud-of-thing device, is supported by three popular mobile forensics tools. The effect of device settings modification (i.e. enabling screen lock and device reset operations) and alternative acquisition processes (i.e. individual and combined acquisition) on the extraction results are also examined. Our results show that current mobile forensic tool support for Windows Phone 8 remains limited. The results also showed that logical acquisition support was more complete in comparison to physical acquisition support. In one example, the tool was able to complete a physical acquisition of a Nokia Lumia 625, but its deleted contacts and SMSs could not be recovered/extracted. In addition, we found that separate acquisition is needed for device removable media to maximize acquisition results, particularly when trying to recover deleted data. Furthermore, enabling flight-mode and disabling location services are highly recommended to eliminate the potential for data alteration during the acquisition process. These results should provide practitioners with an overview of the current capability of mobile forensic tools and the challenges in successfully extracting evidence from the Windows phone platform. Copyright © 2016 John Wiley & Sons, Ltd.

72 citations

Journal Article
TL;DR: This paper demonstrates how mobile forensics techniques can be used to recover evidentiary artefacts from client devices and highlights the extent of acquired evidence between Android and Windows devices, in which Android presents more evidentiary value.
Abstract: Mobile technologies can be, and have been, exploited in terrorist activities. In this paper, we highlight the importance of mobile forensics in the investigation of such activities. Specifically, using a series of controlled experiments on Android and Windows devices, we demonstrate how mobile forensics techniques can be used to recover evidentiary artefacts from client devices. There are three simulation scenarios, namely: (1) information propagation, (2) information concealment and (3) communications. The experiments used three popular cloud apps (Google Drive, Dropbox, and OneDrive), five communication apps (Messenger, WhatsApp, Telegram, Skype and Viber), and two email apps (GMail and Microsoft Outlook). The evidential data was collected and analysed using mobile forensics and network packet analyser tools. The correlation of evidence artefacts would support to infer illegal use of mobile devices. This study also highlights the extent of acquired evidence between Android and Windows devices, in which Android presents more evidentiary value.

28 citations

Proceedings Article
05 Jan 2016
TL;DR: Members of the judiciary and law enforcement agencies need to understand digital forensics in order to determine the admissibility of, and to effectively present, digital evidence in a court.
Abstract: Members of the judiciary and law enforcement agencies need to understand digital forensics in order to determine the admissibility of, and to effectively present, digital evidence in a court. In this paper, we examine the use of multimedia presentations to improve participants' understanding of particular terms and concepts that commonly arise in digital forensic investigations. A questionnaire-based survey was conducted using a convenient sample of judges, investigators, prosecutors and staff from three provinces in Indonesia. We compared the participants' understanding of three technical terms: mobile forensics, time zones, and hashing, before and after watching three educational videos on the respective topics. The results showed that all participants had an increased level of understanding after viewing the educational videos. The participants also provided useful feedback that can be used as a guide for improved design decisions in future multimedia-based training.

14 citations

Journal Article
TL;DR: It is suggested that multimedia presentations are an effective means of improving understanding of technical terminologies and concepts in Judiciary and Linguistic groups.
Abstract: In legal cases, ensuring that members of the judiciary and juries have an appropriate understanding of the evidence being presented is integral to the delivery of justice. This pilot study uses a questionnaire-type survey, in Indonesia and Taiwan (Republic of China) to determine the utility of multimedia presentations as a training tool for educating Judiciary and Linguistic (representing educated laypersons) groups. Participants’ understanding of three digital forensic terms was compared; before and after watching videos on the corresponding topics. The findings suggested that 80% of the participants experienced improved comprehension of specific technical terms after watching the multimedia videos. However, improvement in comprehension from viewing the videos reduces with age (ρ = –0.189 with a P value of 0.033 at 95% level of confidence). The study also found that the features of the video (e.g. analogy) affect participant’s understanding. The findings suggested that multimedia presentations are an eff...

8 citations


Cited by
Journal Article
TL;DR: The main goal of this study is to holistically analyze the security threats, challenges, and mechanisms inherent in all edge paradigms, while highlighting potential synergies and venues of collaboration.

1,045 citations

Journal Article
TL;DR: The purpose of this paper is to identify and discuss the main issues involved in the complex process of IoT-based investigations, particularly all legal, privacy and cloud security challenges, as well as some promising cross-cutting data reduction and forensics intelligence techniques.
Abstract: Today is the era of the Internet of Things (IoT). The recent advances in hardware and information technology have accelerated the deployment of billions of interconnected, smart and adaptive devices in critical infrastructures like health, transportation, environmental control, and home automation. Transferring data over a network without requiring any kind of human-to-computer or human-to-human interaction, brings reliability and convenience to consumers, but also opens a new world of opportunity for intruders, and introduces a whole set of unique and complicated questions to the field of Digital Forensics. Although IoT data could be a rich source of evidence, forensics professionals cope with diverse problems, starting from the huge variety of IoT devices and non-standard formats, to the multi-tenant cloud infrastructure and the resulting multi-jurisdictional litigations. A further challenge is the end-to-end encryption which represents a trade-off between users’ right to privacy and the success of the forensics investigation. Due to its volatile nature, digital evidence has to be acquired and analyzed using validated tools and techniques that ensure the maintenance of the Chain of Custody. Therefore, the purpose of this paper is to identify and discuss the main issues involved in the complex process of IoT-based investigations, particularly all legal, privacy and cloud security challenges. Furthermore, this work provides an overview of the past and current theoretical models in the digital forensics science. Special attention is paid to frameworks that aim to extract data in a privacy-preserving manner or secure the evidence integrity using decentralized blockchain-based solutions. In addition, the present paper addresses the ongoing Forensics-as-a-Service (FaaS) paradigm, as well as some promising cross-cutting data reduction and forensics intelligence techniques. 
Finally, several other research trends and open issues are presented, with emphasis on the need for proactive Forensics Readiness strategies and generally agreed-upon standards.

440 citations

Journal Article
TL;DR: A novel model for intrusion detection based on two-layer dimension reduction and two-tier classification module, designed to detect malicious activities such as User to Root (U2R) and Remote to Local (R2L) attacks is presented.
Abstract: With increasing reliance on Internet of Things (IoT) devices and services, the capability to detect intrusions and malicious activities within IoT networks is critical for resilience of the network infrastructure. In this paper, we present a novel model for intrusion detection based on two-layer dimension reduction and two-tier classification module, designed to detect malicious activities such as User to Root (U2R) and Remote to Local (R2L) attacks. The proposed model is using component analysis and linear discriminate analysis of dimension reduction module to spate the high dimensional dataset to a lower one with lesser features. We then apply a two-tier classification module utilizing Naive Bayes and Certainty Factor version of K-Nearest Neighbor to identify suspicious behaviors. The experiment results using NSL-KDD dataset shows that our model outperforms previous models designed to detect U2R and R2L attacks.

356 citations

Journal Article
TL;DR: The main security and privacy challenges in this field, which have attracted much interest among the academic and research community, are presented, along with the corresponding security solutions that researchers have proposed in the literature to counter them.

221 citations

Journal Article
TL;DR: Experiments demonstrate that the practical fault-tolerant results of previous robust steganography methods are consistent with the theoretical derivation results, which provides theoretical support for coding parameter selection and message extraction integrity in robust steganography based on “Compression-resistant Domain Constructing + RS-STC Codes”.

177 citations