Forensics

Discipline/Area Specialists
Dr. Craig Valli c.valli@ecu.edu.au
Dr. Andrew Woodward a.woodward@ecu.edu.au


Area Adjuncts

Dr. Andrew Jones BT Security Research Labs
Wayne Jansen NIST

Current Research Projects

Investigation into PalmOS Images
This is ongoing research into PalmOS handheld devices and the way they are forensically acquired. The work has covered a number of handhelds, from the Palm III to the Palm 505. The handhelds are used and then imaged with pdd or EnCase for analysis.

Secure Disposal of Hard Disk
This is ongoing research into the secure disposal of hard disk mechanisms. The research method is simple: hard disks are purchased at random through public auctions or acquired at on-line auctions. The hard disks are then acquired and analysed for contents, if any. The level of exposure is rated and documented; the original disk images are then destroyed to protect the unwary.

Rainbow Table generation and utilisation
The generation of rainbow tables is a computationally intensive task, which is one of the reasons why the group has a Beowulf grid constructed of three main clusters. Building the tables takes considerable time, even for some of the Opteron nodes in the cluster. Novel ways are being developed to utilise the constructed tables for rapid breaking of cryptography.

Network Scavenger/Alerter
An investigation into developing a tool for alerting on illicit content. The tool will use caching, mirroring and forensic technology to scan network traffic for illicit traffic.

Creation of an analysis framework for mobile devices and Compendium development
Creation of a framework for mobile device acquisition. This will then be used to develop a compendium of data on appropriate tools and techniques for each type of phone.

Investigation of recovery of data from the Flash memory devices
This will look at acquiring evidence from flash memory devices by bypassing the flash transformation layer, allowing examiners to access data that is not being indexed by this layer.

Forensic Computing Publications
The following are refereed publications and papers by the SCISSEC Research group:

2005
Hicks, M. (2005) An analysis of organisational barriers to the effective use of information system audit trails, CISSE-AP - 1st Colloquium for Information Systems Security Education – Asia Pacific, 21st-22nd November 2005, UniSA, Adelaide, South Australia

Innes, S. (2005) Secure Deletion And The Effectiveness Of Evidence Elimination Software, In Proceedings of the 3rd Australian Computer, Network & Information Forensics Conference, School of Computer and Information Science, Edith Cowan University, Perth, Western Australia pp. 24-43

Valli, C. and Jones, A. (2005) A UK and Australian Study of Hard Disk Disposal, In 3rd Australian Computer, Information and Network Forensics Conference, School of Computer and Information Science, Edith Cowan University, Mount Lawley, Western Australia.

Valli, C. and Patak, P. (2005) An investigation into the efficiency of forensic erasure tools for hard disk mechanisms, In 3rd Australian Computer, Information and Network Forensics Conference School of Computer and Information Science, Edith Cowan University, Mount Lawley, Western Australia

Morfitt, K. and Valli, C. (2005) After Conversation: ICQ Logfile Analysis, In Proceedings of 3rd Australian Computer, Information and Network Forensics Conference School of Computer and Information Science, Edith Cowan University, Mount Lawley, Western Australia

Valli, C. (2005). Issues relating to the Forensics Analysis of PDA and Telephony (PDAT) enabled devices. ECIW 2005: 4th European Conference on Information Warfare, University of Glamorgan, UK Wales, MCIL.

Wong, L.W. (2005) Information Gathering Using Google, In Proceedings Of The 3rd Australian Computer, Network & Information Forensics Conference, School of Computer and Information Science, Edith Cowan University, Perth, Western Australia pp. 87-107

Woodward, A. (2005) The Effectiveness Of Commercial Erasure Programs On Bittorrent Activity, In Proceedings of the 3rd Australian Computer, Network & Information Forensics Conference, School of Computer and Information Science, Edith Cowan University, Perth, Western Australia pp. 108-114

2004
Frichot, C. (2004) An Analysis and Comparison of Clustered Password Crackers, 2nd Australian Computer, Information and Network Forensics Conference, Perth, Western Australia

Frichot, C. (2004) Analysis of the Integrity of Palm Images Acquired with PDD, 2nd Australian Computer, Information and Network Forensics Conference, Perth, Western Australia

Valli, C. (2004) Throwing out the Enterprise with the Hard Disk, 2nd Australian Computer, Information and Network Forensics Conference, Perth, Western Australia

Valli, C. (2004) Wireless Snort - WIDS in progress, 2nd Australian Computer, Information and Network Forensics Conference, Perth, Western Australia

Yek, S. (2004) Implementing Network Defence Using Deception in a Wireless Honeypot, 2nd Australian Computer, Information and Network Forensics Conference, Perth, Western Australia

2003
Gupta, N. (2003) Is Honeyd Effective or Not? In Proceedings of 1st Australian Computer, Information and Network Forensics Conference School of Computer and Information Science, Edith Cowan University, Mount Lawley, Western Australia

Valli, C. (2003) Honeyd – A OS Fingerprinting Artifice, In Proceedings of 1st Australian Computer, Information and Network Forensics Conference School of Computer and Information Science, Edith Cowan University, Mount Lawley, Western Australia

Waghorn, T. (2003) Testing the Date Maintenance of the File Allocation Table File System, In Proceedings of 1st Australian Computer, Information and Network Forensics Conference School of Computer and Information Science, Edith Cowan University, Mount Lawley, Western Australia

Yek, S. (2003). Measuring the effectiveness of deception in a wireless honeypot. 1st Australian Computer, Information and Network Forensics Conference, Scarborough, Western Australia
