Asif Iqbal CISSP,CISA,CISM

With the increasing advent of smart buildings and smart cities, the use of Operational Technology (OT) and Industrial control systems (ICSs) has been rising. Recent trends of cyber attacks on OT demand more attention for forensic and security analysis of such environments. As such in this paper, we examine a widely used PLC, the Beckhoff CX9020 PLC from a digital forensic perspective. First, we configure the PLC to log as much activity as possible using the available options. Next, we test a… Show more

With the increasing advent of smart buildings and smart cities, the use of Operational Technology (OT) and Industrial control systems (ICSs) has been rising. Recent trends of cyber attacks on OT demand more attention for forensic and security analysis of such environments. As such in this paper, we examine a widely used PLC, the Beckhoff CX9020 PLC from a digital forensic perspective. First, we configure the PLC to log as much activity as possible using the available options. Next, we test a set of basic cyber attacks on the PLC. Finally, we devise forensic acquisition and analysis of the system. Show less

Connectivity as a whole and the Internet of Things (IoT) has influenced a great many things in the past decade. Among those, the most prominent is our daily life routines, which have increasingly started to depend on technology. A Smart Home, being a central part, has gained more importance from a forensic perspective since it affects many lives and can be an easy target for cybercrimes. In this work in progress paper, we explore the feasibility of conducting forensic analysis on different… Show more

Connectivity as a whole and the Internet of Things (IoT) has influenced a great many things in the past decade. Among those, the most prominent is our daily life routines, which have increasingly started to depend on technology. A Smart Home, being a central part, has gained more importance from a forensic perspective since it affects many lives and can be an easy target for cybercrimes. In this work in progress paper, we explore the feasibility of conducting forensic analysis on different Smart Plugs and what sort of challenges are encountered in such a forensic investigation. We also review current related work for forensic analysis of Smart Plugs. Show less

Threat modeling is a set of methodologies to analyze the potential threats in a digital system, in order to mitigate them. Digital forensics, on the other hand, is used in order to find the true origin of an event with the help of forensic evidence. Digital forensics is based on Locard’s Principle and dictates that even digital crime leaves behind some form of remnants. Both the domains, threat modeling and digital forensics, have separately existed, but have to our knowledge not been used… Show more

Threat modeling is a set of methodologies to analyze the potential threats in a digital system, in order to mitigate them. Digital forensics, on the other hand, is used in order to find the true origin of an event with the help of forensic evidence. Digital forensics is based on Locard’s Principle and dictates that even digital crime leaves behind some form of remnants. Both the domains, threat modeling and digital forensics, have separately existed, but have to our knowledge not been used together. In this research, we establish the importance of forensic evidence and how it can aid threat modeling by providing more comprehensive threat intelligence. We provide practical examples of how the two fields can be combined, based on attack graphs and Bayesian networks. Show less

The omnipresence of smart devices in many aspects of modern everyday life has helped to achieve an enormous level of automation, has ensured sustainable development, and improved quality of life. Over the last decade, such small and portable devices became cheap and easy to deploy in any kind of application. With the full range of versatile connectivity, such technological development also brings multiple challenges related to the security of infrastructure and data. Many individuals… Show more

The omnipresence of smart devices in many aspects of modern everyday life has helped to achieve an enormous level of automation, has ensured sustainable development, and improved quality of life. Over the last decade, such small and portable devices became cheap and easy to deploy in any kind of application. With the full range of versatile connectivity, such technological development also brings multiple challenges related to the security of infrastructure and data. Many individuals, companies, and states worldwide experience the previously unseen scale and scope of the attacks using novel approaches. All these smart applications have also increased the overall attack surface leading to multiple attack vectors available through vulnerabilities. Lack of standards, insufficient security awareness, and new technological landscape does not help either. Considering this, one needs to enhance forensics investigation methodologies, employ novel tools, combine threat intelligence, and integrate forensic readiness. Such measures will help to reduce the total cyber risk through a high level of preparedness for anticipated data-driven crimes in smart applications. We believe that this paper will help in bringing novel focus to existing digital forensics methodologies with a focus on smart applications. Show less

In today’s connected world, there is a tendency of connectivity even in the sectors which conventionally have been not so connected in the past, such as power systems substations. Substations have seen considerable digitalization of the grid hence, providing much more available insights than before. This has all been possible due to connectivity, digitalization and automation of the power grids. Interestingly, this also means that anybody can access such critical infrastructures from a remote… Show more

In today’s connected world, there is a tendency of connectivity even in the sectors which conventionally have been not so connected in the past, such as power systems substations. Substations have seen considerable digitalization of the grid hence, providing much more available insights than before. This has all been possible due to connectivity, digitalization and automation of the power grids. Interestingly, this also means that anybody can access such critical infrastructures from a remote location and gone are the days of physical barriers. The power of connectivity and control makes it a much more challenging task to protect critical industrial control systems. This capability comes at a price, in this case, increasing the risk of potential cyber threats to substations. With all such potential risks, it is important that they can be traced back and attributed to any potential threats to their roots. It is extremely important for a forensic investigation to get credible evidence of any cyber-attack as required by the Daubert standard. Hence, to be able to identify and capture digital artifacts as a result of different attacks, in this paper, the authors have implemented and improvised a forensic testbed by implementing a sandboxing technique in the context of real time-hardware-in-the-loop setup. Newer experiments have been added by emulating the cyber-attacks on WAMPAC applications, and collecting and analyzing captured artifacts. Further, using sandboxing for the first time in such a setup has proven helpful. Show less

The global trend is to go digital, in other words go 'smart'. Like the rest of the world getting smarter, so is the power sector hence the term smart power grids and substations. Such capability comes at a price, in this case increasing risk of potential cyber threats to substations. With all such potential risks, it is important that we are able to trace back and attribute any potential threats to its root. In this paper, we're exploring substations to find potential evidences in case a… Show more

The global trend is to go digital, in other words go 'smart'. Like the rest of the world getting smarter, so is the power sector hence the term smart power grids and substations. Such capability comes at a price, in this case increasing risk of potential cyber threats to substations. With all such potential risks, it is important that we are able to trace back and attribute any potential threats to its root. In this paper, we're exploring substations to find potential evidences in case a forensic investigation becomes a necessity. Moreover, a forensic experimental test bed is proposed for digital forensic analysis. Finally, a mapping of attack-based forensic evidences is presented. Show less

Power systems domain has generally been very conservative in terms of conducting digital forensic investigations, especially so since the advent of smart grids. This lack of research due to a multitude of challenges has resulted in absence of knowledge base and resources to facilitate such an investigation. Digitalization in the form of smart grids is upon us but in case of cyber-attacks, attribution to such attacks is challenging and difficult if not impossible. In this research, we have… Show more

Power systems domain has generally been very conservative in terms of conducting digital forensic investigations, especially so since the advent of smart grids. This lack of research due to a multitude of challenges has resulted in absence of knowledge base and resources to facilitate such an investigation. Digitalization in the form of smart grids is upon us but in case of cyber-attacks, attribution to such attacks is challenging and difficult if not impossible. In this research, we have identified digital forensic artifacts resulting from a cyber-attack on Wide Area Monitoring, Protection and Control (WAMPAC) systems, which will help an investigator attribute an attack using the identified evidences. The research also shows the usage of sandboxing for digital forensics along with hardware-in-the-loop (HIL) setup. This is first of its kind effort to identify and acquire all the digital forensic evidences for WAMPAC systems which will ultimately help in building a body of knowledge and taxonomy for power system forensics. Show less

Smart grid improves and revolutionizes the way how energy is generated, distributed and consumed. Despite utilization of such technologies for better life of end-users and communities, there might be outlier events happening that will introduce disturbance to the smart grids. To mitigate impact from such events in power grid, particularly in Wide Area Monitoring Protection and Control (WAMPAC) has been introduced for mitigation and prevention of large disruption and extreme events. Large… Show more

Smart grid improves and revolutionizes the way how energy is generated, distributed and consumed. Despite utilization of such technologies for better life of end-users and communities, there might be outlier events happening that will introduce disturbance to the smart grids. To mitigate impact from such events in power grid, particularly in Wide Area Monitoring Protection and Control (WAMPAC) has been introduced for mitigation and prevention of large disruption and extreme events. Large network of interconnected devices is being monitored through WAMPAC sub-system to avoid major events with negative impact through analysis of system-wide contextual information. The assessment of the state is being made based on the data from Phasor Measurement Unit (PMUs) collected and processed in the Phasor Data Concentrator (PDC). There is an enormous amount of Machine-to-Machine (M2M) communication that the system has to analyze. However, blackout prediction and mitigation is done using measurements data and does not necessarily focus on more high level adversarial events. This paper proposes an ongoing research into timely detection of adversarial attack on the power grid. During the experimental phase, authentication attack scenario was successfully executed on power substation setup. Further, framework for intelligent identification of digital evidences related to attack was suggested unveiling possibility for crime investigations preparedness. Show less

Increasing use of intelligent devices in the Critical Infrastructures has enabled a lot more functionality within several domains that of course has several advantages. But the same automation also brings challenges when it comes to malicious use, either internally or externally. One such challenge is to attribute an attack and ascertain what was the starting point of an attack, who did what, when and why? All these questions can only be answered if the overall underlying infrastructure… Show more

Increasing use of intelligent devices in the Critical Infrastructures has enabled a lot more functionality within several domains that of course has several advantages. But the same automation also brings challenges when it comes to malicious use, either internally or externally. One such challenge is to attribute an attack and ascertain what was the starting point of an attack, who did what, when and why? All these questions can only be answered if the overall underlying infrastructure supports answering such questions. The purpose of this study is to see if in the current setups we are provided within an environment support forensic readiness in the power sector or not. In order to facilitate such a study our scope of work revolves around substation automation and devices called intelligent electronic devices (IEDs). Show less

The forensics investigation of cloud computing is faced by many obstacles originating from the complex integration of technologies used to build the cloud and its sheer size. In this research we aim to provide an insight into cloud computing log forensics, as logs are an important source of forensic evidence in the cloud. This is followed with conclusions regarding the issues faced by researchers in log forensics in cloud computing that will aid the research process.

The proliferation of intelligent devices has provisioned more functionality in Critical Infrastructures. But the same automation also brings challenges when it comes to malicious activity, either internally or externally. One such challenge is the attribution of an attack and to ascertain who did what, when and how? Answers to these questions can only be found if the overall underlying infrastructure supports answering such queries. This study sheds light on the power sector specifically on… Show more

The proliferation of intelligent devices has provisioned more functionality in Critical Infrastructures. But the same automation also brings challenges when it comes to malicious activity, either internally or externally. One such challenge is the attribution of an attack and to ascertain who did what, when and how? Answers to these questions can only be found if the overall underlying infrastructure supports answering such queries. This study sheds light on the power sector specifically on smart grids to learn whether current setups support digital forensic investigations or no. We also address several challenges that arise in the process and a detailed look at the literature on the subject. To facilitate such a study our scope of work revolves around substation automation and devices called intelligent electronic devices (IEDs) in smart grids. Show less

This is a set of work-in-progress exploratory studies dealing with the log analysis and correlation of very specialized setups in industrial control systems implemented in the context of power systems. These cases consider the behavior of logs and their ability or inability to shed light on the incriminating nature of a criminal investigation. Our research is novel and unique in the sense that no such previous study exists detailing the forensic investigation on ICS within power sector.

Abstract: The Instant Messaging (IM) application is one of the most widely used communication methods in the world. It is used by a wide range of age groups and backgrounds. Its extensive use in everyday life provides unique opportunities but means that it can also be used to commit crime such as cyber bullying or by becoming a medium for criminals’ communication. It can, however, also be used by forensic investigators to profile the users behavior. This makes it essential for forensics… Show more

Abstract: The Instant Messaging (IM) application is one of the most widely used communication methods in the world. It is used by a wide range of age groups and backgrounds. Its extensive use in everyday life provides unique opportunities but means that it can also be used to commit crime such as cyber bullying or by becoming a medium for criminals’ communication. It can, however, also be used by forensic investigators to profile the users behavior. This makes it essential for forensics researchers to study artifacts left by such applications. This paper studies the artifacts left by one such popular application - LINE. The aim of this paper is to provide a road map for forensic investigators when dealing with LINE IM application artifacts. The artifacts are discussed in two parts: the first examines regular chatting mode and the second, private chatting. Show less

Abstract: Finding digital forensic artifacts in the ever changing and complex digital world can be a daunting task for any digital forensic investigator. Familiar tools, such as Sandboxie and Symantec Workspace virtualization used as an aid in forensic investigations may significantly decrease the learning curve. The value of sandboxing for digital forensic investigations is demonstrated here through the research via the appropriate comparative analysis.

Abstract: The realm of digital forensics has grown with the development of new technologies. Different fields such as small scale device forensics became an interesting perspective of evidence recovery and analysis for researchers and forensic practitioners as a result of the mobility of these devices. An example of these devices is a Windows Surface RT tablet, which combines the mobility of tablets and the productivity of windows office applications. This research aims to investigate the… Show more

Abstract: The realm of digital forensics has grown with the development of new technologies. Different fields such as small scale device forensics became an interesting perspective of evidence recovery and analysis for researchers and forensic practitioners as a result of the mobility of these devices. An example of these devices is a Windows Surface RT tablet, which combines the mobility of tablets and the productivity of windows office applications. This research aims to investigate the forensic aspect of Windows Surface RT in terms of acquisition as well as analysis. It will analyze the artifacts left by windows 8 and third party applications. The latter artifacts will be compared to the traditional application to identify the differences in terms of forensic evidence. Hence this research will provide a road map for forensic examiners to investigate Windows Surface RT tablets. Show less

Abstract: This research presents two developed approaches for the forensic acquisition of an Amazon Kindle Fire HD. It describes the forensic acquisition and analysis of the Amazon Kindle Fire HD device. Two developed methods of acquisition are presented; one requiring a special cable to reflash the boot partition of the device with a forensic acquisition environment (Method A), and the other exploiting a vulnerability in the device’s Android operating system (Method B). A case study is then… Show more

Abstract: This research presents two developed approaches for the forensic acquisition of an Amazon Kindle Fire HD. It describes the forensic acquisition and analysis of the Amazon Kindle Fire HD device. Two developed methods of acquisition are presented; one requiring a special cable to reflash the boot partition of the device with a forensic acquisition environment (Method A), and the other exploiting a vulnerability in the device’s Android operating system (Method B). A case study is then presented showing the various digital evidence that can be extracted from the device. The results indicate that Method A is more favorable because it utilizes a general methodology that does not exploit a vulnerability that could potentially be patched by Amazon in future software updates. Show less

Abstract: With the increase in big data generation at an ever exploding rate, its very important that
we keep pace with the data mining from digital forensics perspective. This research focuses on several digital forensic techniques being applied to data mining domain.

Abstract: The field of digital forensics is growing in the middle east which is shown by the establishment of technical digital forensic programs in various universities. Even though these programs are important for the development and advancement of the field they are overlooking the law aspect of e-crimes and digital forensics in UAE. This paper discusses available law programs and its relations to e-crimes and digital forensics, analyzing the implications caused by the lack of proper… Show more

Abstract: The field of digital forensics is growing in the middle east which is shown by the establishment of technical digital forensic programs in various universities. Even though these programs are important for the development and advancement of the field they are overlooking the law aspect of e-crimes and digital forensics in UAE. This paper discusses available law programs and its relations to e-crimes and digital forensics, analyzing the implications caused by the lack of proper e-crimes and digital forensics educational materials in UAE law programs. Even though there are efforts made to overcome this gap between the law and the technical aspect of digital forensics by creating individual courses it still lacks a strong educational law program preparing the judicial system to face these crimes in a more effective manner. This paper also discusses the possible improvement on the curricula of law programs. Show less

Abstract: Securing networks has become a daunting task with the proliferation of mobile devices from tablets to smartphones as a result of their mobility and size. It is easier to carry a mobile device and connect it to the network without raising any suspicions. This makes mobile devices very suitable to attack a network or perform penetration testing. The goal of this research is to develop a tool for an android mobile device that will use "ARP spoofing" attack to sniff for traffic in a… Show more

Abstract: Securing networks has become a daunting task with the proliferation of mobile devices from tablets to smartphones as a result of their mobility and size. It is easier to carry a mobile device and connect it to the network without raising any suspicions. This makes mobile devices very suitable to attack a network or perform penetration testing. The goal of this research is to develop a tool for an android mobile device that will use "ARP spoofing" attack to sniff for traffic in a wireless network
along with the ability to spoof cookies and perform SSL spoofing. The tool will also be designed to filter the content of the sniffed network and perform injection attacks. This will aid in investigating network defenses against ARP spoofing attack and other attacks. The second phase of the research is to include performing a study in a public area such as a mall or a university campus that will study the number of users that would install a malicious application on their Android mobile devices. Show less

Abstract: Mobile device forensics can be defined as a branch of digital forensics relating to recovery of digital evidence or data from a mobile device under forensically sound conditions. It is a useful source of information to any investigation that should not be dismissible, as mobile devices can contain details about who was doing what, where, when and with whom. This critical information can play a significant role in an investigation hence it would be necessary to gain this information as… Show more

Abstract: Mobile device forensics can be defined as a branch of digital forensics relating to recovery of digital evidence or data from a mobile device under forensically sound conditions. It is a useful source of information to any investigation that should not be dismissible, as mobile devices can contain details about who was doing what, where, when and with whom. This critical information can play a significant role in an investigation hence it would be necessary to gain this information as soon as possible. This need of a fast grasp of data is the core of onsite analysis, which requires preforming the forensics analysis on the scene of the crime. The dilemma faced in this situation is the flexibility of the forensics work station needed for analysis from a mobile perspective as a well as from a monetary perspective.
Ultra Mobile Forensic Lab is a smart hardware/software tool designed to resolve this issue. The mobility, flexibility and cost effectiveness of the tool comparably to other available tools in the market would make it suitable for on-site acquisition and analysis of mobile devices as well as for computer devices. Show less

Abstract: With boom in mobility technology sector, a new generation of computing devices such as iPhone/iPad/iPod have emerged and immersed itself in the lives of millions and millions of people. With its widespread its fair to say that the use of these devices has created a new source of digital
evidence and a need for a fast and trusted method to image and analyze the data has emerged. In this paper we will discuss a novel method that we have developed to create an image of the… Show more

Abstract: With boom in mobility technology sector, a new generation of computing devices such as iPhone/iPad/iPod have emerged and immersed itself in the lives of millions and millions of people. With its widespread its fair to say that the use of these devices has created a new source of digital
evidence and a need for a fast and trusted method to image and analyze the data has emerged. In this paper we will discuss a novel method that we have developed to create an image of the
iDevice (iPhone, iPad, iPod) in a secure and fast manner within 30 minutes or less without jailbreaking followed by forensic analysis of iDevices. Show less

Abstract: With the move toward mobile computing being the trend of this technology era it is clear that our way of life and how we deal with objects in it is changing. This swift shift from large desktop computers to inexpensive, low power applications that are easily carried in our pockets or placed next to a cup of coffee on the living room table clearly changed the way we interact with media and contact friends, colleagues and family members. This also created advancement in the field of… Show more

Abstract: With the move toward mobile computing being the trend of this technology era it is clear that our way of life and how we deal with objects in it is changing. This swift shift from large desktop computers to inexpensive, low power applications that are easily carried in our pockets or placed next to a cup of coffee on the living room table clearly changed the way we interact with media and contact friends, colleagues and family members. This also created advancement in the field of digital forensics as with every device coming to the market, studies have been conducted to investigate the possible evidence that can be found on them. As we realize that with the comfort these devices do provide as a result of their mobility they are also providing a wealth of information about the users themselves for the same reason, hence they are really valuable source of evidence in an investigation. In this paper we will discuss one of these mobile devices which is Amazon Kindle Fire. Being a new player in the mobile computing sector there haven't been enough studies of it in the field of digital forensics. In this paper we will discuss an imaging process to acquire the data from the device then we will provide an analysis of the data. Show less

Abstract:Dyslexia is a specific learning disability that is neurological in origin. It is characterized by difficulties with reading decoding, reading comprehension and/or reading fluency. Although dyslexia is the result of a neurological difference, it is not an intellectual disability. People with this disorder usually have a normal to above normal IQ levels. The difference is that their brains are wired to have a different thinking and learning styles than a normal person and because of that… Show more

Abstract:Dyslexia is a specific learning disability that is neurological in origin. It is characterized by difficulties with reading decoding, reading comprehension and/or reading fluency. Although dyslexia is the result of a neurological difference, it is not an intellectual disability. People with this disorder usually have a normal to above normal IQ levels. The difference is that their brains are wired to have a different thinking and learning styles than a normal person and because of that they are made to feel inferior. According to UNESCO, Dyslexia occurs in 5-10% of the world population. Problems with current methods of teaching can vary but the most common ones are the lack of storage ability, lack of interactions with students, no record keeping of students’ performance and above all students don’t find it interesting enough to use existing systems to tackle this problem.
In order to overcome these issues we have studied the teaching methods used to overcome the difficulties introduced by dyslexia and developed a platform ‘touch.Edu’ that can grow and evolve to contain the improvements in the field of dyslexia teaching methods.
‘touch.Edu’ links the major learning techniques of visual aids, audio, video and handwriting recognition as well as games which are proven to improve the performance of dyslexic children. Games and rewards are unlocked according to students’ performance; hence working as an incentive for learning more. It is designed as a platform so that future developments can be done and can also be easily localized. The interface is suitable for the young age users, easy to use for the first time users with large typography, buttons and icons. Show less

Abstract: Digital Forensics as a field has been growing steadily over the years. Overwhelming penetration of Internet, and consequently Cyber Crime has seen an in crease in the recent years. This has created a demand for digital forensics education in UAE as has been the pattern all around the world. This paper looks at this recent demand and what's available in UAE for Digital Forensics Education.

Abstract: Instant Messaging (IM) is one of the most used types of applications across all digital devices, and is an especially popular feature on smartphones. This research is about the artifacts left by Samsung’s ChatON IM application, which is a multi-platform IM application. In this work, we acquired forensic images of a Samsung Galaxy Note device running Android 4.1 and an iPhone running iOS 6. The acquired images were analyzed and the data relevant to the ChatON application were… Show more

Abstract: Instant Messaging (IM) is one of the most used types of applications across all digital devices, and is an especially popular feature on smartphones. This research is about the artifacts left by Samsung’s ChatON IM application, which is a multi-platform IM application. In this work, we acquired forensic images of a Samsung Galaxy Note device running Android 4.1 and an iPhone running iOS 6. The acquired images were analyzed and the data relevant to the ChatON application were identified. This research resulted in a map of the digital evidence left by ChatON on these mobile devices which assists digital forensics practitioners and researchers in the process of locating and recovering digital evidence from ChatON. Show less