DOCSLIB.ORG

Digital Forensics: Methods and Tools for Retrieval and Analysis of Security

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Digital Forensics: Methods and Tools for Retrieval and Analysis of Security NORGES TEKNISK-NATURVITENSKAPELIGE UNIVERSITET FAKULTET FOR INFORMASJONSTEKNOLOGI, MATEMATIKK OG ELEKTROTEKNIKK MASTEROPPGAVE Kandidatens navn: Andreas Grytting Furuseth Fag: Datateknikk Oppgavens tittel (norsk): Oppgavens tittel (engelsk): Digital Forensics: Methods and tools for re- trieval and analysis of security credentials and hidden data. Oppgavens tekst: The student is to study methods and tools for retrieval and analysis of security credentials and hidden data from different media (including hard disks, smart cards, and network traffic). The student will perform prac- tical experiments using forensic tools and attempt to identify possibilities for automating evidence analysis with respect to e.g. passwords, crypto- graphic keys, encrypted data, steganography, etc. The student will also study the correlation of identified security credentials from different media in order to improve the possibility of successful identification and decryp- tion of encrypted data. Oppgaven gitt: 28. Januar 2005 Besvarelsen leveres innen: 1. August 2005 Besvarelsen levert: 15. Juli 2005 Utført ved: Institutt for datateknikk og informasjonsvitenskap Q2S - Centre for Quantifiable Quality of Service in Communication Systems Veileder: Andr´e Arnes˚ Trondheim, 15. Juli 2005 Torbjørn Skramstad Faglærer Abstract Steganography is about information hiding; to communicate securely or conceal the existence of certain data. The possibilities provided by steganography are appealing to criminals and law enforcement need to be up-to-date. This master thesis provides investigators with insight into methods and tools for steganog- raphy. Steganalysis is the process of detecting messages hidden using steganography and is examined together with methods to detect steganography usage. This report proposes digital forensic methods for retrieval and analysis of steganog- raphy during a digital investigation. The result is the following list of methods to defeat steganography: • Physical crime scene investigation • Steganalysis • Detection of steganography software • Traces of steganography software • Locating pairs of carrier/stego-files • Key word search and activity monitoring • Suspect’s computer knowledge • Unlikely files • Locating steganography keys • Hidden storage locations These proposed methods are examined using scenarios. From the examination of steganography and these cases, it is concluded that the recommended meth- ods can be automated and increase the chances for an investigator to detect steganography. i Preface This thesis is a result from work done as the part of a master’s degree from the Department of Computer and Information Science, NTNU. The title of the project is “Digital Forensics: Methods and tools for retrieval and analysis of se- curity credentials and hidden data” and has been proposed by Andr´e Arnes˚ from Q2S - Centre for Quantifiable Quality of Service in Communication Systems. Arnes˚ also did the supervising of this master thesis. The focus of the project is on studying steganography in the context of digital forensics. The thesis covers tools and methods for steganography and how these can be detected. The objective is to create digital forensic methods to detect steganography, which can be used in the process of a digital investigation. I would like to thank everybody who supported me and inspired me to work on this project, especially Andr´e Arnes˚ and Professor Torbjørn Skramstad for guidance and motivation. Trondheim, July 15, 2005 Andreas Grytting Furuseth iii Contents Abstract i Preface iii 1 Introduction 3 1.1 Motivation .............................. 3 1.2 Introduction to digital forensics ................... 4 1.3 Introduction to steganography ................... 4 1.3.1 The use for steganography .................. 5 1.4 Interpretation of scope ....................... 5 1.5 Document organization ....................... 6 2 Digital Forensics 7 2.1 Forensic Science ............................ 7 2.2 Digital Forensic ............................ 8 2.3 Forensic methodology ........................ 8 2.3.1 An integrated digital investigation process ......... 9 2.3.2 Chain of Custody and Integrity documentation ...... 11 2.4 Digital forensic tools ......................... 12 2.4.1 Acquisition tools ....................... 12 2.4.2 Documenting evidence .................... 12 2.4.3 Analysis tools ......................... 13 2.4.4 Automatic identification of known software and files ... 14 2.4.5 Tool summary ........................ 14 3 Steganography 15 3.1 Introduction to steganography ................... 15 3.2 Terminology .............................. 16 3.2.1 Simple steganography .................... 17 3.2.2 Secret key steganography .................. 17 3.2.3 Public key steganography .................. 17 3.2.4 A formal model of steganography .............. 18 3.3 Steganography and cryptography .................. 19 3.4 Digital watermarking ......................... 19 3.5 Usage of steganography ....................... 20 3.5.1 Steganography encountered in digital forensics ...... 21 3.6 Classification of information hiding ................. 22 3.7 Different methods for embedding .................. 24 v vi CONTENTS 3.7.1 Data appending ....................... 24 3.7.2 Adding comments ...................... 25 3.7.3 File headers .......................... 25 3.7.4 Spatial domain ........................ 25 3.7.5 Transform domain ...................... 25 3.7.6 Statistics-aware embedding ................. 25 3.7.7 Pseudo-random embedding ................. 26 3.8 Classification of steganography software .............. 26 3.8.1 Steganography software generations ............ 26 3.8.2 Steganography software strength .............. 26 3.8.3 Steganography software availability ............. 27 3.8.4 The classification ....................... 27 4 Analysis of steganography software 29 4.1 Introduction .............................. 29 4.2 Description of EzStego ........................ 30 4.2.1 Usage of EzStego ....................... 31 4.2.2 Detection of EzStego ..................... 31 4.2.3 Message extraction ...................... 33 4.3 Description of Mandelsteg ...................... 33 4.3.1 Usage of Mandelsteg ..................... 33 4.3.2 Detection of Mandelsteg ................... 34 4.3.3 Message extration ...................... 34 4.4 Description of Spam Mimic ..................... 35 4.4.1 Usage of Spam Mimic .................... 35 4.4.2 Detection of Spam Mimic .................. 36 4.4.3 Message extraction ...................... 36 4.5 Description of Snow ......................... 36 4.5.1 Usage of Snow ........................ 36 4.5.2 Detection of Snow ...................... 38 4.5.3 Message extraction ...................... 38 4.6 Description of Outguess ....................... 38 4.6.1 Usage of Outguess ...................... 38 4.6.2 Detection of Outguess .................... 41 4.6.3 Message extraction ...................... 41 4.7 Description of appendX ....................... 42 4.7.1 Usage of appendX ...................... 42 4.7.2 Detection of appendX .................... 44 4.7.3 Message extraction ...................... 44 4.8 Description of Invisible Secrets ................... 44 4.8.1 Usage of Invisible Secrets .................. 44 4.8.2 Detection of Invisible Secrets ................ 45 4.8.3 Message extraction ...................... 45 4.9 Discussion ............................... 47 5 Steganalysis 49 5.1 Introduction .............................. 49 5.2 Introduction to steganalysis ..................... 49 5.2.1 The Prisoner’s Problem ................... 49 5.3 Description of steganalysis ...................... 50 CONTENTS vii 5.4 Attacks on steganography ...................... 51 5.4.1 Steganalysis and digital forensics .............. 51 5.4.2 Steganalysis: Detection of stego-messages ......... 52 5.4.3 Extracting hidden information ............... 54 5.4.4 Disabling hidden information ................ 55 6 Analysis of steganalysis software 57 6.1 Introduction .............................. 57 6.1.1 Disabling hidden information ................ 58 6.2 Description of StegSpy ........................ 58 6.2.1 Usage of StegSpy ....................... 58 6.2.2 Examination of StegSpy ................... 58 6.3 Description of Stegdetect ...................... 60 6.3.1 Usage of Stegdetect ..................... 60 6.3.2 Examination of Stegdetect .................. 60 6.4 Description of Stegbreak ....................... 61 6.4.1 Usage of Stegbreak ...................... 61 6.4.2 Examination of Stegbreak .................. 61 6.5 Description of Stego Suite ...................... 62 6.5.1 Usage of Stego Suite ..................... 62 6.5.2 Examination of Stego Watch ................ 62 6.6 Description of StegAnlyzer ...................... 62 6.6.1 Usage of StegAnalyzer .................... 62 6.6.2 Examination of StegAnalyzer ................ 62 6.7 Discussion ............................... 63 7 Digital forensics and steganography 65 7.1 Defeating steganography ....................... 65 7.1.1 Physical crime scene investigation ............. 66 7.1.2 Steganalysis .......................... 66 7.1.3 Detection of steganography software ............ 67 7.1.4 Traces of steganography software .............. 67 7.1.5 Locating pairs of carrier/stego-files ............. 67 7.1.6 Key word search and activity monitoring ......... 68 7.1.7 Suspect’s computer knowledge ............... 68 7.1.8 Unlikely files ......................... 68 7.1.9 Locating steganography keys ................ 69 7.1.10 Hidden storage locations
Load more

Recommended publications
  • Trends Toward Real-Time Network Data Steganography
    TRENDS TOWARD REAL-TIME NETWORK DATA STEGANOGRAPHY James Collins, Sos Agaian Department of Electrical and Computer Engineering The University of Texas at San Antonio, San Antonio, Texas, USA [email protected], [email protected] Abstract Network steganography has been a well-known covert data channeling method for over three decades. The basic set of techniques and implementation tools have not changed significantly since their introduction in the early 1980’s. In this paper, we review the predominant methods of classical network steganography, describing the detailed operations and resultant challenges involved in embedding data in the network transport domain. We also consider the various cyber threat vectors of network steganography and point out the major differences between classical network steganography and the widely known end-point multimedia embedding techniques, which focus exclusively on static data modification for data hiding. We then challenge the security community by introducing an entirely new network data hiding methodology, which we refer to as real-time network data steganography. Finally, we provide the groundwork for this fundamental change of covert network data embedding by introducing a system-level implementation for real-time network data operations that will open the path for even further advances in computer network security. KEYWORDS Network Steganography, Real-time Networking, TCP/IP Communications, Network Protocols 1. INTRODUCTION Even though the origins of steganography reach back to the time of ancient Greece, to Herodotus in 440 BC, the art of steganography continues to evolve. This is especially true in the technical methods of digital embedding [1][2]. Digital steganography has been used since the early 1980’s and network steganography techniques quickly evolved with the advent of the Internet and standardized multimedia formats used for data exchange [3].
    [Show full text]
  • Cybersecurity, IT-Aided Education, and Teles: Nexus, Vistas & Realities
    CYBERSECURITY, IT-AIDED EDUCATION, AND TELES: NEXUS, VISTAS & REALITIES Emmanuel C. Ogu* Department of Computer Science, [email protected] School of Computing and Engineer- ing Sciences, Babcock University, Ilishan-Remo, Ogun State, Nigeria. Chiemela Ogu EMINDA Konsults, Yaba, Lagos, [email protected] Nigeria. * Corresponding author ABSTRACT Background The current decade has witnessed rising spates of threats and attacks that have threatened the safety and security of cyberspace, thereby giving rise to contem- porary discourses pertaining the realities that these ominous trends portend for technology innovation and digitalisation, in the emerging global digital society. In the process, the technological capabilities that have been used to effectively harness the efficiency that this virtual space provides for contemporary educa- tion and learning have been defamed. Aim/Purpose This exploratory research interrogates the possible relationships between the contemporary concerns of global cyber security, and the realities and prospects of IAE and TeLEs, while elucidating the crucial factors that impose on such relationship(s). Methodology This research adopts the qualitative research methodology with an exploratory approach to interrogate the various contemporary concerns of global cyberse- curity as contained in existing literature, especially as it affects the proliferation and adoption of IT-aided education and Technology-enhanced Learning Envi- ronments (TeLEs); based on a systematic correlational analysis of key interpos- ing concepts. Contribution The research presents an overview of the current status and prospects of de- velopment of IAE and TeLEs, as well as the nature of the realities associated with contemporary concerns of global cybersecurity; then also discussing how these cybersecurity concerns impact on the wider adoption and implementation of IAE and TeLEs.
    [Show full text]
  • Steganography- a Data Hiding Technique
    International Journal of Computer Applications (0975 – 8887) Volume 9– No.7, November 2010 Steganography- A Data Hiding Technique Arvind Kumar Km. Pooja Assistant Professor Vankateshwara institute of computer Vidya College of engineering, Meerut, India Science and technology, Meerut, India ABSTRACT In steganography, the possible cover carriers are innocent looking Steganography is the art of hiding information and an effort to carriers (images, audio, video, text, or some other digitally conceal the existence of the embedded information. It serves as a representative code) which will hold the hidden information. A better way of securing message than cryptography which only message is the information hidden and may be plaintext, cipher text, conceals the content of the message not the existence of the message. images, or anything that can be embedded into a bit stream. Together Original message is being hidden within a carrier such that the the cover carrier and the embedded message create a stego-carrier. changes so occurred in the carrier are not observable. In this paper we Hiding information may require a stego key which is additional secret will discuss how digital images can be used as a carrier to hide information, such as a password, required for embedding the messages. This paper also analyses the performance of some of the information. For example, when a secret message is hidden within a steganography tools. Steganography is a useful tool that allows covert cover image, the resulting product is a stego-image. transmission of information over an over the communications A possible formula of the process may be represented as: cover channel.
    [Show full text]
  • Defending Against Insider Use of Digital Steganography
    2007 Annual ADFSL Conference on Digital Forensics, Security and Law Proceedings Defending Against Insider Use of Digital Steganography James E. Wingate CISSP-ISSEP, CISM, IAM, Backbone Security, [email protected] Glenn D. Watt CISSP, CISM, IAM, IEM, Backbone Security, [email protected] Marc Kurtz CISSP, Backbone Security, [email protected] Chad W. Davis CCE, Backbone Security, [email protected] Robert Lipscomb Backbone Security, [email protected] Follow this and additional works at: https://commons.erau.edu/adfsl Part of the Computer Engineering Commons, Computer Law Commons, Electrical and Computer Engineering Commons, Forensic Science and Technology Commons, and the Information Security Commons Scholarly Commons Citation Wingate, James E.; Watt, Glenn D.; Kurtz, Marc; Davis, Chad W.; and Lipscomb, Robert, "Defending Against Insider Use of Digital Steganography" (2007). Annual ADFSL Conference on Digital Forensics, Security and Law. 1. https://commons.erau.edu/adfsl/2007/session-11/1 This Peer Reviewed Paper is brought to you for free and open access by the Conferences at Scholarly Commons. It has been accepted for inclusion in Annual ADFSL Conference on Digital Forensics, Security and Law by an (c)ADFSL authorized administrator of Scholarly Commons. For more information, please contact [email protected]. Conference on Digital Forensics, Security and Law, 2007 Defending Against Insider Use of Digital Steganography James E. Wingate, CISSP-ISSEP, Glenn D. Watt, CISSP,
    [Show full text]
  • The Pragmatics of Powerlessness in Police Interrogation
    Seattle University School of Law Digital Commons Faculty Scholarship 1-1-1993 In a Different Register: The Pragmatics of Powerlessness in Police Interrogation Janet Ainsworth Follow this and additional works at: https://digitalcommons.law.seattleu.edu/faculty Part of the Constitutional Law Commons Recommended Citation Janet Ainsworth, In a Different Register: The Pragmatics of Powerlessness in Police Interrogation, 103 YALE L.J. 259 (1993). https://digitalcommons.law.seattleu.edu/faculty/287 This Article is brought to you for free and open access by Seattle University School of Law Digital Commons. It has been accepted for inclusion in Faculty Scholarship by an authorized administrator of Seattle University School of Law Digital Commons. For more information, please contact [email protected]. Articles In a Different Register: The Pragmatics of Powerlessness in Police Interrogation Janet E. Ainswortht CONTENTS I. INTRODUCTION ............................................ 260 II. How WE Do THINGS WITH WORDS .............................. 264 A. Performative Speech Acts ................................. 264 B. Indirect Speech Acts as Performatives ......................... 267 C. ConversationalImplicature Modifying Literal Meaning ............. 268 H. GENDER AND LANGUAGE USAGE: A DIFFERENT REGISTER .............. 271 A. Characteristicsof the Female Register ........................ 275 1. Hedges ........................................... 276 2. Tag Questions ...................................... 277 t Associate Professor of Law, University of Puget Sound School of Law. B.A. Brandeis University, M.A. Yale University, J.D. Harvard Law School. My appreciative thanks go to Harriet Capron and Blain Johnson for their able research assistance. I am also indebted to Melinda Branscomb, Jacqueline Charlesworth, Annette Clark, Sid DeLong, Carol Eastman, Joel Handler, Robin Lakoff, Debbie Maranville, Chris Rideout, Kellye Testy, Austin Sarat, and David Skover for their helpful comments and suggestions.
    [Show full text]
  • Interrogation Nation: Refugees and Spies in Cold War Germany Douglas Selvage / Office of the Federal Commissioner for the Stasi Records
    Interrogation Nation: Refugees and Spies in Cold War Germany Douglas Selvage / Office of the Federal Commissioner for the Stasi Records In Interrogation Nation: Refugees and Spies in Cold War Germany, historian Keith R. Allen analyzes the “overlooked story of refugee screening in West Germany” (p. xv). Building upon his previous German-language study focused on such screening at the Marienfelde Refugee Center in West Berlin (Befragung - Überprüfung - Kontrolle: die Aufnahme von DDR- Flüchtlingen in West-Berlin bis 1961, Berlin: Ch. Links, 2013), Allen examines the places, personalities, and practices of refugee screening by the three Western Powers, as well as the German federal government, in West Berlin and throughout West Germany. The topic is particularly timely since, as Allen notes, many of “the screening programs established during the darkest days of the Cold War” (p. xv) continue today, although their targets have shifted. The current political debates about foreign and domestic intelligence activities in Germany, including the issue of refugee screening, echo earlier disputes from the years of the Bonn Republic. The central questions remain: To what extent have citizenship rights and the Federal Republic’s sovereignty been compromised by foreign and domestic intelligence agencies – largely with the consent of the German government – in the name of security? BERLINER KOLLEG KALTER KRIEG | BERLIN CENTER FOR COLD WAR STUDIES 2017 Douglas Selvage Interrogation Nation Allen divides his study into three parts. In Part I, he focuses on “places” – the various sites in occupied West Berlin and western Germany where refugees were interrogated. He sifts through the alphabet soup of acronyms of US, British, French, and eventually West German civilian and military intelligence services and deciphers the cover names of the institutions and locations at which they engaged in screening activities during the Cold War and beyond.
    [Show full text]
  • Image Steganography Applications for Secure Communication
    IMAGE STEGANOGRAPHY APPLICATIONS FOR SECURE COMMUNICATION by Tayana Morkel Submitted in partial fulfillment of the requirements for the degree Master of Science (Computer Science) in the Faculty of Engineering, Built Environment and Information Technology University of Pretoria, Pretoria May 2012 © University of Pretoria Image Steganography Applications for Secure Communication by Tayana Morkel E-mail: [email protected] Abstract To securely communicate information between parties or locations is not an easy task considering the possible attacks or unintentional changes that can occur during communication. Encryption is often used to protect secret information from unauthorised access. Encryption, however, is not inconspicuous and the observable exchange of encrypted information between two parties can provide a potential attacker with information on the sender and receiver(s). The presence of encrypted information can also entice a potential attacker to launch an attack on the secure communication. This dissertation investigates and discusses the use of image steganography, a technology for hiding information in other information, to facilitate secure communication. Secure communication is divided into three categories: self-communication, one-to-one communication and one-to-many communication, depending on the number of receivers. In this dissertation, applications that make use of image steganography are implemented for each of the secure communication categories. For self-communication, image steganography is used to hide one-time passwords (OTPs) in images that are stored on a mobile device. For one-to-one communication, a decryptor program that forms part of an encryption protocol is embedded in an image using image steganography and for one-to-many communication, a secret message is divided into pieces and different pieces are embedded in different images.
    [Show full text]
  • Hiding Images in Plain Sight: Deep Steganography
    Hiding Images in Plain Sight: Deep Steganography Shumeet Baluja Google Research Google, Inc. [email protected] Abstract Steganography is the practice of concealing a secret message within another, ordinary, message. Commonly, steganography is used to unobtrusively hide a small message within the noisy regions of a larger image. In this study, we attempt to place a full size color image within another image of the same size. Deep neural networks are simultaneously trained to create the hiding and revealing processes and are designed to specifically work as a pair. The system is trained on images drawn randomly from the ImageNet database, and works well on natural images from a wide variety of sources. Beyond demonstrating the successful application of deep learning to hiding images, we carefully examine how the result is achieved and explore extensions. Unlike many popular steganographic methods that encode the secret message within the least significant bits of the carrier image, our approach compresses and distributes the secret image’s representation across all of the available bits. 1 Introduction to Steganography Steganography is the art of covered or hidden writing; the term itself dates back to the 15th century, when messages were physically hidden. In modern steganography, the goal is to covertly communicate a digital message. The steganographic process places a hidden message in a transport medium, called the carrier. The carrier may be publicly visible. For added security, the hidden message can also be encrypted, thereby increasing the perceived randomness and decreasing the likelihood of content discovery even if the existence of the message detected. Good introductions to steganography and steganalysis (the process of discovering hidden messages) can be found in [1–5].
    [Show full text]
  • Data Hiding Using Steganography and Cryptography
    Varsha et al, International Journal of Computer Science and Mobile Computing, Vol.4 Issue.4, April- 2015, pg. 802-805 Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology ISSN 2320–088X IJCSMC, Vol. 4, Issue. 4, April 2015, pg.802 – 805 REVIEW ARTICLE Data Hiding Using Steganography and Cryptography Varsha1, Dr. Rajender Singh Chhillar2 1M.Tech Student, Department of Computer Science & Application, M.D. University, Rohtak-124001 2Professor & Former Head, Department of Computer Science & Application, M.D. University, Rohtak-124001 1Email Id: [email protected] Abstract — Steganography and Cryptography are two popular ways of sending vital information in a secret way. One hides the existence of the message and the other distorts the message itself. This paper discussed a technique used on the advanced LSB (least significant bit) and RSA algorithm. By matching data to an image, there is less chance of an attacker being able to use steganalysis to recover data. Before hiding the data in an image the application first encrypts it. Keywords— RSA algorithm, cryptography, steganography, LSB method I. INTRODUCTION The growing use of Internet among public masses and availability of public and private digital data and its sharing has driven industry professionals and researchers to pay a particular attention to information security. Internet users frequently need to store, send, or receive private information and this private information needs to be protected against unauthorized access and attacks. Presently, three main methods of information security being used: watermarking, cryptography and steganography. In watermarking, data are hidden to convey some information about the cover medium such as ownership and copyright.
    [Show full text]
  • Ten Strategies of a World-Class Cybersecurity Operations Center Conveys MITRE’S Expertise on Accumulated Expertise on Enterprise-Grade Computer Network Defense
    Bleed rule--remove from file Bleed rule--remove from file MITRE’s accumulated Ten Strategies of a World-Class Cybersecurity Operations Center conveys MITRE’s expertise on accumulated expertise on enterprise-grade computer network defense. It covers ten key qualities enterprise- grade of leading Cybersecurity Operations Centers (CSOCs), ranging from their structure and organization, computer MITRE network to processes that best enable effective and efficient operations, to approaches that extract maximum defense Ten Strategies of a World-Class value from CSOC technology investments. This book offers perspective and context for key decision Cybersecurity Operations Center points in structuring a CSOC and shows how to: • Find the right size and structure for the CSOC team Cybersecurity Operations Center a World-Class of Strategies Ten The MITRE Corporation is • Achieve effective placement within a larger organization that a not-for-profit organization enables CSOC operations that operates federally funded • Attract, retain, and grow the right staff and skills research and development • Prepare the CSOC team, technologies, and processes for agile, centers (FFRDCs). FFRDCs threat-based response are unique organizations that • Architect for large-scale data collection and analysis with a assist the U.S. government with limited budget scientific research and analysis, • Prioritize sensor placement and data feed choices across development and acquisition, enteprise systems, enclaves, networks, and perimeters and systems engineering and integration. We’re proud to have If you manage, work in, or are standing up a CSOC, this book is for you. served the public interest for It is also available on MITRE’s website, www.mitre.org. more than 50 years.
    [Show full text]
  • An Approach for Stego-Insider Detection Based on a Hybrid Nosql Database †
    Journal of Sensor and Actuator Networks Article An Approach for Stego-Insider Detection Based on a Hybrid NoSQL Database † Igor Kotenko 1,* , Andrey Krasov 2 , Igor Ushakov 2 and Konstantin Izrailov 1,2 1 St. Petersburg Federal Research Center of the Russian Academy of Sciences, 199178 St. Petersburg, Russia; [email protected] 2 Department of Secured Communication Systems, The Bonch-Bruevich State University of Telecommunications, 199178 St. Petersburg, Russia; [email protected] (A.K.); [email protected] (I.U.) * Correspondence: [email protected] † This paper is an extended version of the conference paper: Igor Kotenko, Andrey Krasov, Igor Ushakov and Konstantin Izrailov. Detection of Stego-Insiders in Corporate Networks Based on a Hybrid NoSQL Database Model. The 4th International Conference on Future Networks and Distributed Systems (ICFNDS 2020). Saint-Petersburg, Russia, 26–27 November 2020. Abstract: One of the reasons for the implementation of information security threats in organizations is the insider activity of its employees. There is a big challenge to detect stego-insiders-employees who create stego-channels to secretly receive malicious information and transfer confidential information across the organization’s perimeter. Especially presently, with great popularity of wireless sensor networks (WSNs) and Internet of Things (IoT) devices, there is a big variety of information that could be gathered and processed by stego-insiders. Consequently, the problem arises of identifying such intruders and their transmission channels. The paper proposes an approach to solving this Citation: Kotenko, I.; Krasov, A.; problem. The paper provides a review of the related works in terms of insider models and methods Ushakov I.; Izrailov K.
    [Show full text]
  • Tradecraft Primer: a Framework for Aspiring Interrogators
    Journal of Strategic Security Volume 9 Number 4 Volume 9, No. 4, Special Issue Winter 2016: Understanding and Article 11 Resolving Complex Strategic Security Issues Tradecraft Primer: A Framework for Aspiring Interrogators. By Paul Charles Topalian. Boca Raton, FL: CRC Press, 2016. Mark J. Roberts Subject Matter Expert Follow this and additional works at: https://scholarcommons.usf.edu/jss pp. 139-141 Recommended Citation Roberts, Mark J.. "Tradecraft Primer: A Framework for Aspiring Interrogators. By Paul Charles Topalian. Boca Raton, FL: CRC Press, 2016.." Journal of Strategic Security 9, no. 4 (2016) : 139-141. DOI: http://dx.doi.org/10.5038/1944-0472.9.4.1576 Available at: https://scholarcommons.usf.edu/jss/vol9/iss4/11 This Book Review is brought to you for free and open access by the Open Access Journals at Scholar Commons. It has been accepted for inclusion in Journal of Strategic Security by an authorized editor of Scholar Commons. For more information, please contact [email protected]. Tradecraft Primer: A Framework for Aspiring Interrogators. By Paul Charles Topalian. Boca Raton, FL: CRC Press, 2016. This book review is available in Journal of Strategic Security: https://scholarcommons.usf.edu/jss/ vol9/iss4/11 Roberts: Tradecraft Primer: A Framework for Aspiring Interrogators. By Pau Tradecraft Primer: A Framework for Aspiring Interrogators. By Paul Charles Topalian. Boca Raton, FL: CRC Press, 2016. ISBN 978-1-4987-5114-8. Photographs. Figures. Sources cited. Index. Pp. xv, 140. $59.95. Interrogation is a word fraught with many inferences and implications. Revelations of waterboarding, incidents in Abu Graib and Guantanamo, and allegations of police impropriety in obtaining confessions have all cast the topic in a negative light in recent years.
    [Show full text]