[CFP] DFRWS 2014 Forensic Challenge: Mobile Malware Analysis
See the challenge page for more information:
Submission deadline: May 30, 2014
Mobile Malware Analysis
The overall goal of this challenge is to raise the state of the art in digital forensic practice by providing an open public venue for a best-of-breed competition. We challenge contestants to demonstrate effective methods and to develop open source tools for analyzing mobile malware. The winner will be announced in August at the DFRWS USA 2014 conference in Denver, CO.
Some examples of capabilities we would like to see:
<ul><li>Extracting metadata and components</li><li>Decompiling mobile malware</li><li>Decoding data associated with mobile malware</li><li>Behavioral scanners running on localhost (rather than web-based services)</li><li>Identifying potentially malicious functions</li></ul>
Contestants are encouraged to select malware samples that are interesting from a forensic analysis perspective, and that exhibit many of the challenges presented by mobile malware.
Mobile malware samples can be obtained from various sources from various sources for their analysis, including http://www.malgenomeproject.org, virusshare.com, and http://contagiodump.blogspot.com. Alternately send mail to mobilemalware+subscribegooglegroups(d0t)com.
Two Types of Competition
Submissions will be grouped into two categories to encourage both practitioners and researchers/developers to participate.
Practitioners: Forensic analysis of mobile malware using existing best-of-breed methods and supporting tools. These submissions must include the malware samples that were analyzed, and documentation detailing all methods, tools and findings.
Researchers/Developers: Creation of new techniques and tools for analyzing mobile malware.
When submitting your entry to this challenge, please indicate which category you would prefer. Each team can submit only one entry, either as practitioners or researchers/developers (not both).
[CFP] ICDF2C 2014
Don’t forget about the 6th International Conference on Digital Forensics & Cyber Crime, September 18–20, 2014 in New Haven, Connecticut, United States.
The full paper submission deadline is the 16th of May, 2014.
Please see the Call For Papers for more information!
Keeping up with our international and collaborative nature at ICDF2C, we are proud to announce that ICDF2C 2014 will run jointly with Systematic Approaches to Digital Forensic Engineering (SADFE). We are also proud to announce that ICDF2C is continuing collaboration with the Journal of Digital Investigation, the leading international journal in the area of digital forensics and incident response. In addition to the publication of the proceedings in the Lecture Notes of the ICST, the best research papers presented at ICDF2C 2014 will be expanded and peer reviewed for a special issue of the Journal of Digital Investigation.
Special Themes
This year, we have two themes that we intend to embrace. Authors are encouraged to submit papers that embrace these themes:
<ul><li>Big Data in Digital Forensic Investigations</li><li>Digital forensics in the broader context of forensic science, criminalistics and criminology</li></ul>
[How-to] Check if your system is vulnerable to the Heartbleed OpenSSL bug
The Heartbleed OpenSSL bug can leave a lot of systems open to exploitation. To see whether your system is vulnerable try the following.
<div>
</div><div>*I am using Ubuntu, but if OpenSSL is installed on your system, the commands should be similar.</div><div>
Open a terminal or command prompt.
</div><div>First, check your version of OpenSSL:
</div><div>sudo openssl version -a </div><div>
</div><div>The command should output the OpenSSL version number.
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody><tr><td style="text-align: center;">
</td></tr><tr><td class="tr-caption" style="text-align: center;">OpenSSL version on Ubuntu that is vulnerable to Heartbleed</td></tr></tbody></table>OpenSSL says you should upgrade to version 1.0.1g. If you manually installed OpenSSL, get the latest source, and install it.</div><div>
</div><div>If you are on Ubuntu, you should also look at the “built on” date. If the date is on or after April 7th, then the patch has been applied. If the date is before April 7th, do a dist-upgrade to update.
</div>sudo apt-get update
sudo apt-get upgrade
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody><tr><td style="text-align: center;">
</td></tr><tr><td class="tr-caption" style="text-align: center;">Apt-get upgrade will likely want to upgrade a number of packages, many of which are potentially vulnerable to the attack.</td></tr></tbody></table>Once the upgrade is complete, the “built on” date should be on or after April 7th.
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody><tr><td style="text-align: center;">
</td></tr><tr><td class="tr-caption" style="text-align: center;">Patched OpenSSL installation on Ubuntu. Note, the version is still 1.0.1e - make sure to check the build date.</td></tr></tbody></table>Make sure you reboot your system to make sure the changes are applied.
Many vulnerable products will likely be pushing out updates soon. Make sure you update all your devices, including mobile phones and routers.
Indicators of Anti-Forensics
Project: Indicators of Anti-Forensics (IoAF)
Purpose: Digital forensic triage for anti-forensic activities
Status: Active
License: GNU GPLv3
Developer(s): KITRI’s Best of the Best Information Security Program
More information:
The ‘Indicators of Anti-Forensics’ (IoAF) project is an effort towards automated anti-forensic trace detection using signature-based methods. Each “version” represents the work of different KITRI Best of the Best groups to advance the idea.
The main IoAF program uses parsing modules to extract file meta-data and Registry key information from a system under investigation. Pre-defined signatures are stored in a SQLite database that is queried for each extracted object.
Signatures are created by using either real-time or snapshot based analysis on a similar system. Objects that are consistently updated by the action of interest are extracted, and further tested (e.g. how the object is updated). If the object is found to consistently correspond to the action of interest - and only the action of interest - it is included as a trace in the signature.
The purpose of the project so far is not to automatically reconstruct activities, but to quickly detect the presence of anti-forensic traces to let investigators know whether they should pay more interest to this device over others (digital forensic triage).
Related Publications:
<ul><li>James, J. I., Kim, M. S., Choi, J., Lee, S. S., & Kim, E. (2014). A General Approach to Anti-Forensic Activity Detection. eForensics Magazine, vol.3(5). 30–35. [Link]</li></ul>
Links:
<ul><li>Github Repository: https://github.com/hvva/IoAF</li></ul>
[BoB] Anti Forensics Techniques and eForensics Mag
<div style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;">
</div>
As a mentor with KITRI’s “Best of the Best v2.0” information security education program, I was/am a mentor for a digital forensic analysis research group. This group was specifically focusing on anti-forensic action detection, which fits pretty closely with my dissertation work. The first group members produced a brief survey of anti-forensics encountered in the ‘wild’ by Korean Law enforcement. The main contents of the survey are in Korean because I forgot to single an English version…
From two groups working on the same project, a number of similar tools have been created. I’ve forked the main modules that can be found under IoAF at github. Please feel free to contribute or even fork the projects. We are continuing the project this summer, so hopefully cleaner, consolidated code will be available.
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: right; margin-left: 1em; text-align: right;"><tbody><tr><td style="text-align: center;">
</td></tr><tr><td class="tr-caption" style="text-align: center;">eForensics Magazine: Anti Forensics Techniques</td></tr></tbody></table>While the first IoAF group is working on a paper for Digital Investigation, the second group decided to write an article about A general approach to anti-forensic activity detection. This article gives a pretty good literature review about some of the work done in general anti-forensic detection, then shows the investigators how to determine traces created by anti-forensic programs. The work is somewhat similar to the work of Geiger on ‘counter forensics’, but - I believe - the proposed method is easier for investigators to implement or even automate.
Their article can be found in eForensics Magazine Vol. 3 No. 5.
<div style="margin-left: 24pt; text-indent: -24.0pt;">
</div>While the developed tools are currently available on github, the next few months will see them refined. Stay tuned!
[CFP] 6th International Conference on Digital Forensics & Cyber Crime
September 18-20, 2014 - New Haven, CT, USA | Call for papers
IMPORTANT DATES
Paper Submission: 16 May, 2014
Notification of Acceptance: 30 July, 2014
Camera-ready Version: 1 September, 2014
<h1 style="background-color: white; border: 0px; color: #333333; font-family: Titillium, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 1.385em; line-height: 25px; margin: 0px 0px 0.5em; padding: 0px; vertical-align: baseline;">ICDF2C and SADFE 2014</h1><div style="background-color: white; border: 0px; color: #333333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 13.333333969116211px; line-height: 18.005001068115234px; padding: 0px; vertical-align: baseline;">Keeping up with our international and collaborative nature at ICDF2C, we are proud to announce that ICDF2C 2014 will run jointly with Systematic Approaches to Digital Forensic Engineering (SADFE). We are also proud to announce that ICDF2C is continuing collaboration with the Journal of Digital Investigation, the leading international journal in the area of digital forensics and incident response. In addition to the publication of the proceedings in the Lecture Notes of the ICST, the best research papers presented at ICDF2C 2014 will be expanded and peer reviewed for a special issue of the Journal of Digital Investigation.</div><h1 style="background-color: white; border: 0px; color: #333333; font-family: Titillium, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 1.385em; line-height: 25px; margin: 1em 0px 0.5em; padding: 0px; vertical-align: baseline;">Special Themes</h1><div style="background-color: white; border: 0px; color: #333333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 13.333333969116211px; line-height: 18.005001068115234px; padding: 0px; vertical-align: baseline;">This year, we have two themes that we intend to embrace. Authors are encouraged to submit papers that embrace these themes:</div><ul style="background-color: white; border: 0px; color: #333333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 13.333333969116211px; line-height: 18.005001068115234px; list-style: none; margin: 0.692em 0px 0px; padding: 0px 0px 0px 20px; vertical-align: baseline;"><li style="border: 0px; font-family: inherit; font-size: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; list-style-type: disc; margin: 0px; padding: 0px; vertical-align: baseline;"><div style="border: 0px; font-family: inherit; font-size: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; padding: 0px; vertical-align: baseline;">Big Data in Digital Forensic Investigations</div></li><li style="border: 0px; font-family: inherit; font-size: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; list-style-type: disc; margin: 0px; padding: 0px; vertical-align: baseline;"><div style="border: 0px; font-family: inherit; font-size: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; padding: 0px; vertical-align: baseline;">Digital forensics in the broader context of forensic science, criminalistics and criminology</div></li></ul><h1 style="background-color: white; border: 0px; color: #333333; font-family: Titillium, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 1.385em; line-height: 25px; margin: 1em 0px 0.5em; padding: 0px; vertical-align: baseline;">SCOPE</h1><div style="background-color: white; border: 0px; color: #333333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 13.333333969116211px; line-height: 18.005001068115234px; padding: 0px; vertical-align: baseline;">The Internet has made it easier to perpetrate crimes by providing criminals an avenue for launching attacks with relative anonymity. The increased complexity of global communication and networking infrastructure and devices makes investigation of cybercrimes difficult. Clues of illegal activities are often buried in large volumes of data that need to be sifted through in order to detect crimes and collect evidence. The field of digital forensics and cybercrime investigation has become very important for law enforcement, national security, and information assurance. Digital forensics and cybercrime investigations are multidisciplinary areas that encompasses law, computer science, finance, telecommunications, data analytics, policing and more. ICDF2C brings together practitioners and researchers from diverse fields providing opportunities for business and intellectual engagement among attendees.</div><div style="background-color: white; border: 0px; color: #333333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 13.333333969116211px; line-height: 18.005001068115234px; margin-top: 0.692em; padding: 0px; vertical-align: baseline;">The following topics highlight the conference’s theme:</div><div style="background-color: white; border: 0px; color: #333333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 13.333333969116211px; line-height: 18.005001068115234px; margin-top: 0.692em; padding: 0px; vertical-align: baseline;"></div><ul><li>BigData and Digital Forensics</li><li>Business Applications of Digital Forensics</li><li>Civil Litigation Support</li><li>Cloud Forensics</li><li>Cyber Crime Investigations</li><li>Cyber Criminal Psychology and Profiling</li><li>Cyber Culture & Cyber Terrorism</li><li>Data hiding and stenography</li><li>Database Forensics</li><li>Digital Forensic Science</li><li>Digital Forensic Tool Testing and validation</li><li>Digital Forensic Trends</li><li>Digital Forensics & Law</li><li>Digital Forensics and Error rates</li><li>Digital Forensics novel algorithms</li><li>Digital Forensics Process & Procedures</li><li>Digital Forensics Standardization & Accreditation</li><li>Digital Forensics Techniques and Tools</li><li>Digital Forensics Triage</li><li>e-Discovery</li><li>Hacking</li><li>Incident Response</li><li>Information Warfare & Critical Infrastructure Protection</li><li>Law Enforcement and Digital Forensics</li><li>Machine learning and Digital Forensics</li><li>Malware & Botnets</li><li>Mobile / Handheld Device & Multimedia Forensics</li><li>Money Laundering</li><li>Network forensics</li><li>New chip-off techniques</li><li>Novel Digital Forensics Training programs</li><li>Online Fraud</li><li>Programming Languages and Digital Forensics</li><li>SCADA Forensics</li><li>Sexual Abuse of Children on Internet</li><li>Software & Media Piracy</li><li>Theoretical Foundations of Digital Forensics</li><li>Traditional Criminology applied to Digital Forensics</li><li>Philosophical accounts for Cyber Crime and Digital Forensics</li></ul>
<h2 style="background-color: white; border: 0px; color: #333333; font-family: Titillium, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 1.231em; line-height: 1.125em; margin: 1.125em 0px 0.281em; padding: 0px; vertical-align: baseline;">RESEARCH PAPERS</h2><div style="background-color: white; border: 0px; color: #333333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 13.333333969116211px; line-height: 18.005001068115234px; padding: 0px; vertical-align: baseline;">Papers describing original unpublished research are solicited. Submissions must not be concurrently under review by a conference, journal or any other venue that has proceedings.</div><div style="background-color: white; border: 0px; color: #333333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 13.333333969116211px; line-height: 18.005001068115234px; margin-top: 0.692em; padding: 0px; vertical-align: baseline;">Papers in the topic areas discussed are preferred, although contributions outside those topics may also be of interest. Please feel free at any time to contact the conference general chair if you have questions regarding your submission.</div><h2 style="background-color: white; border: 0px; color: #333333; font-family: Titillium, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 1.231em; line-height: 1.125em; margin: 1.125em 0px 0.281em; padding: 0px; vertical-align: baseline;">BEST PAPER AWARD</h2><div style="background-color: white; border: 0px; color: #333333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 13.333333969116211px; line-height: 18.005001068115234px; padding: 0px; vertical-align: baseline;">The program committee may designate up to three papers accepted to the conference as ICDF2C/SADFE Best Papers. Every submission is automatically eligible for this award.</div><h2 style="background-color: white; border: 0px; color: #333333; font-family: Titillium, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 1.231em; line-height: 1.125em; margin: 1.125em 0px 0.281em; padding: 0px; vertical-align: baseline;">OTHER SUBMISSION CATEGORIES</h2><div style="background-color: white; border: 0px; color: #333333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 13.333333969116211px; line-height: 18.005001068115234px; padding: 0px; vertical-align: baseline;">Submissions can be made in a number of categories: Completed research papers, research-in-progress papers, industrial talks, panel and tutorial proposals, and round table discussions. Please follow the following guidelines in preparing your submission.</div><div style="background-color: white; border: 0px; color: #333333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 13.333333969116211px; line-height: 18.005001068115234px; margin-top: 0.692em; padding: 0px; vertical-align: baseline;">??? Completed Research Papers: No longer than 16 pages (including abstract, figures, tables and references).</div><div style="background-color: white; border: 0px; color: #333333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 13.333333969116211px; line-height: 18.005001068115234px; margin-top: 0.692em; padding: 0px; vertical-align: baseline;">??? Research in Progress Papers: No longer than 8 pages (including abstract, figures, tables and references).</div><div style="background-color: white; border: 0px; color: #333333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 13.333333969116211px; line-height: 18.005001068115234px; margin-top: 0.692em; padding: 0px; vertical-align: baseline;">??? Industrial Talk: Typically a 1,000 word description of the proposed talk. All talks must be vendor neutral.</div><div style="background-color: white; border: 0px; color: #333333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 13.333333969116211px; line-height: 18.005001068115234px; margin-top: 0.692em; padding: 0px; vertical-align: baseline;">??? Round Table Discussion: Typically a 1,000 word synopsis of the topic area. ??? Panel Proposals: Typically a 1,000 word description, identifying the panelists to be involved.</div><div style="background-color: white; border: 0px; color: #333333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 13.333333969116211px; line-height: 18.005001068115234px; margin-top: 0.692em; padding: 0px; vertical-align: baseline;">??? Tutorial Proposals: Typically a 1,000 word description of topic(s), potential speakers, program length, and potential audience. Also, include proposer resume(s).</div><h1 style="background-color: white; border: 0px; color: #333333; font-family: Titillium, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 1.385em; line-height: 25px; margin: 1em 0px 0.5em; padding: 0px; vertical-align: baseline;">SUBMISSION INSTRUCTIONS</h1><div style="background-color: white; border: 0px; color: #333333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 13.333333969116211px; line-height: 18.005001068115234px; padding: 0px; vertical-align: baseline;">See the website for instructions.</div><h1 style="background-color: white; border: 0px; color: #333333; font-family: Titillium, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 1.385em; line-height: 25px; margin: 1em 0px 0.5em; padding: 0px; vertical-align: baseline;">PUBLICATIONS</h1><div style="background-color: white; border: 0px; color: #333333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 13.333333969116211px; line-height: 18.005001068115234px; padding: 0px; vertical-align: baseline;">Accepted papers will be published in the ICDF2C 2014 Conference Proceedings and by Springer-Verlag in the Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Tele-communications Engineering (LNICST) series.</div><div style="background-color: white; border: 0px; color: #333333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 13.333333969116211px; line-height: 18.005001068115234px; margin-top: 0.692em; padding: 0px; vertical-align: baseline;">The proceedings will be available both as paper-based copies and via Springerlink, Springer’s digital library. In addition, the content of the proceedings will be submitted for inclusion in leading indexing services, including DBLP, Google Scholar, ISI Proceedings, EI, CrossRef and Zentralblatt Math, as well as ICST’s own EU Digital Library (EUDL).</div><div style="background-color: white; border: 0px; color: #333333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 13.333333969116211px; line-height: 18.005001068115234px; margin-top: 0.692em; padding: 0px; vertical-align: baseline;">In addition, the best conference papers will be published by Elsevier in an expanded form after additional peer review in a special issue of the Journal of Digital Investigation.</div>