Journal ISSN: 1558-7215

The Journal of Digital Forensics, Security and Law 

Association of Digital Forensics, Security and Law
About: The Journal of Digital Forensics, Security and Law is an academic journal published by the Association of Digital Forensics, Security and Law. The journal publishes mainly in the areas of digital forensics and computer forensics. Its ISSN identifier is 1558-7215, and it is open access. Over its lifetime it has published 292 publications, which have received 2305 citations. The journal is also known as JDFSL.


Papers
Journal ArticleDOI
TL;DR: The current article describes the CFFTPM in detail, discusses the model’s forensic soundness, investigative support capabilities and practical considerations, and proposes an onsite or field approach for providing the identification, analysis and interpretation of digital evidence in a short time frame.
Abstract: With the proliferation of digital based evidence, the need for the timely identification, analysis and interpretation of digital evidence is becoming more crucial. In many investigations critical information is required while at the scene or within a short period of time - measured in hours as opposed to days. The traditional cyber forensics approach of seizing a system(s)/media, transporting it to the lab, making a forensic image(s), and then searching the entire system for potential evidence, is no longer appropriate in some circumstances. In cases such as child abductions, pedophiles, missing or exploited persons, time is of the essence. In these types of cases, investigators dealing with the suspect or crime scene need investigative leads quickly; in some cases it is the difference between life and death for the victim(s). The Cyber Forensic Field Triage Process Model (CFFTPM) proposes an onsite or field approach for providing the identification, analysis and interpretation of digital evidence in a short time frame, without the requirement of having to take the system(s)/media back to the lab for an in-depth examination or acquiring a complete forensic image(s). The proposed model adheres to commonly held forensic principles, and does not negate the ability that once the initial field triage is concluded, the system(s)/storage media be transported back to a lab environment for a more thorough examination and analysis. The CFFTPM has been successfully used in various real world cases, and its investigative importance and pragmatic approach has been amply demonstrated. Furthermore, the derived evidence from these cases has not been challenged in the court proceedings where it has been introduced. The current article describes the CFFTPM in detail, discusses the model’s forensic soundness, investigative support capabilities and practical considerations.

207 citations

Journal ArticleDOI
TL;DR: This work studies the existing literature to identify the main definitions provided for the term ‘Cyber Security’ by authoritative sources, and proposes a new improved definition that is demonstrated to be a more representative definition using the same lexical and semantic analysis techniques.
Abstract: In recent years, ‘Cyber Security’ has emerged as a widely-used term with increased adoption by practitioners and politicians alike. However, as with much fashionable jargon, there seems to be very little understanding of what the term really entails. Although this may not be an issue when the term is used in an informal context, it can potentially cause considerable problems in the context of organizational strategy, business objectives, or international agreements. In this work, we study the existing literature to identify the main definitions provided for the term ‘Cyber Security’ by authoritative sources. We then conduct various lexical and semantic analysis techniques in an attempt to better understand the scope and context of these definitions, along with their relevance. Finally, based on the analysis conducted, we propose a new improved definition that we then demonstrate to be a more representative definition using the same lexical and semantic analysis techniques.

89 citations

Journal ArticleDOI
TL;DR: A set of standalone and state based intrusion detection system rules which can be used to detect cyber attacks and to store evidence of attacks for post incident analysis are described.
Abstract: Industrial control system communication networks are vulnerable to reconnaissance, response injection, command injection, and denial of service attacks. Such attacks can lead to an inability to monitor and control industrial control systems and can ultimately lead to system failure. This can result in financial loss for control system operators and economic and safety issues for the citizens who use these services. This paper describes a set of 28 cyber attacks against industrial control systems which use the MODBUS application layer network protocol. The paper also describes a set of standalone and state based intrusion detection system rules which can be used to detect cyber attacks and to store evidence of attacks for post incident analysis. All attacks described in this paper were validated in a laboratory environment. The detection rate of the intrusion detection system rules presented by attack class is also presented.

72 citations

Journal ArticleDOI
TL;DR: A model-based Intrusion Detection System (IDS) designed for S7 networks is presented, which is very sensitive and is able to flag anomalies such as a message appearing out of its position in the normal sequence or a message referring to a single unexpected bit.
Abstract: The Siemens S7 protocol is commonly used in SCADA systems for communications between a Human Machine Interface (HMI) and the Programmable Logic Controllers (PLCs). This paper presents a model-based Intrusion Detection System (IDS) designed for S7 networks. The approach is based on the key observation that S7 traffic to and from a specific PLC is highly periodic; as a result, each HMI-PLC channel can be modeled using its own unique Deterministic Finite Automaton (DFA). The resulting DFA-based IDS is very sensitive and is able to flag anomalies such as a message appearing out of its position in the normal sequence or a message referring to a single unexpected bit. The intrusion detection approach was evaluated on traffic from two production systems. Despite its high sensitivity, the system had a very low false positive rate - over 99.82% of the traffic was identified as normal.

72 citations

Journal ArticleDOI
TL;DR: This paper proposes an electronic voting system as an application of block-chain, describes block-chain based voting at a national level through examples, and argues that block-chain provides the strong robustness, anonymity, and transparency required of a voting system.
Abstract: Cryptocurrency, and its underlying technologies, has been gaining popularity for transaction management beyond financial transactions. Transaction information is maintained in the block-chain, which can be used to audit the integrity of the transaction. The focus of this paper is the potential availability of block-chain technology for other transactional uses. Block-chain is one of the most stable open ledgers that preserves transaction information, and is difficult to forge. Since the information stored in the block-chain is not related to personally identifiable information, it has the characteristic of anonymity. Also, the block-chain allows for transparent transaction verification since all information in the block-chain is open to the public. These characteristics are the same as the requirements for a voting system, that is, strong robustness, anonymity, and transparency. In this paper, we propose an electronic voting system as an application of block-chain, and describe block-chain based voting at a national level through examples.

68 citations

Performance Metrics

Number of papers from the journal in previous years:

Year  Papers
2022  11
2021  7
2020  6
2019  13
2018  14
2017  24