APWG & NCFS Establish First Electronic Crime Research Conference

The eCrime Researchers Summit in Orlando sponsored by the Anti-Phishing Working Group (APWG) and the National Center for Forensic Science (NCFS) next month will feature some of the most advanced applied research into electronic crime technology ever assembled in a single venue – and establishes the first conference focused exclusively on applied research into electronic crime detection, prevention and forensics…During the two-day conference on Nov. 16 and 17, leading researchers from around the world will converge on Orlando to present their findings on: phishing, the criminal art of stealing consumers’ online credentials; techniques for detecting and visualizing Internet servers that have been commandeered by criminals; automated systems for investigating online scams; and digital forensics tools. As well, the summit will present panels and keynotes by industry experts and an executive cybercrime agent from the United States Secret Service. The agenda is at this URL:


http://www.antiphishing.org/events/2006_researchSummit.html


NCFS Assistant Director for Digital Evidence Philip Craiger, Ph.D. said, “Experts agree that computer crimes will continue to increase and evolve as technology becomes more ubiquitous and varied. The best way to cope with this growing problem is to be proactive and collaborate with others who are affected by these types of crimes. The NCFS and APWG collaborative meeting brings together law enforcement, industry partners, and academia to discuss computer crimes in an open format, where parties can share ideas on basic and applied research, and lessons learned.”


Hacking, phishing, botnets and zombies have, seemingly overnight, entered the everyday lexicon. A US Secret Service/Carnegie Mellon University survey coordinated with CSO Magazine released in September found that while adverse security events declined, dollar losses increased, on average, from $507,000 in 2005 to $740,000. With the expansion of criminal activity on the public Internet has come interest from computer scientists worldwide and, indeed, academic conferences have begun accepting papers in the field of electronic crime and computer forensics.


The APWG and its conference co-sponsor, the NCFS, understood the need to promote innovative research into electronic crime and allied to establish the very first applied research conference completely dedicated to work in the disciplines of electronic crime research, computer forensics and counter e-crime technologies and techniques. The new conference provides a central mustering point for e-crime research in the same way that the APWG since 2003 has provided a mechanism for counter e-crime stakeholders from industry, government and law enforcement to advance their understanding of electronic crime.


APWG Chairman David Jevans said it was important to establish an e-crime research conference in order to effectively engage the organized e-crime plexus developing ever more sophisticated electronic crime technologies. This year’s revelations about stock manipulation schemes using phishing techniques are a good example. “The research community predicted this kind of stuff more than a year ago. Working with researchers can help keep us ahead of the curve. It will also help that community get their dialogue going with industry and that will help with development on the solutions side, too.”


By bringing together academics, law enforcement and information technology practitioners, the summit will facilitate collaborations between principal investigators and centers of research developing eCrime forensics and/or eCrime countering technologies. The two-day program will enable:


* Disparate institutions to learn of each other's work firsthand and to interrogate each other's investigators


* Attendees to identify PIs of shared or adjacent interests to organize the most relevant and mutually beneficial collaborations possible


* Investigators to identify opportunities for new, grant-fundable projects developed in these collaborations


* Representatives of grant-funding agencies (who will be invited) to meet directly with PIs formulating exciting new research programs


The papers accepted for presentation at the conference (and being published in the Journal of Digital Forensic Practice) fall into roughly 4 groupings: articles, work-in-progress, tools/techniques and security/forensic policy.


The papers, keynotes and panels being presented are listed at this URL:


http://www.antiphishing.org/events/2006_researchSummit.html#agenda


The Anti-Phishing Working Group (APWG) is an industry association focused on eliminating the identity theft and fraud that result from the growing problem of phishing, email spoofing and crimeware. Membership is open to qualified financial institutions, online retailers, ISPs, the law enforcement community and solutions providers. There are more than 1,500 companies and government agencies participating in the APWG and more than 2,500 members. The APWG’s web site (http://www.antiphishing.org) offers the public and industry information about phishing and email fraud, including identification and promotion of pragmatic technical solutions that provide immediate protection. APWG’s corporate sponsors include: 41st Parameter, 8e6 Technologies, Able NV, ActivCard (ACTI), Adobe (ADBE), AhnLab, Aladdin Knowledge Systems (ALDN), Anakam, Anonymizer, BBN Technologies, BlueStreak, Brandimensions, Clear Search, Cloudmark, Comodo, Corillian (CORI), Cydelity, Cyveillance, DigitalEnvoy, DigitalResolve, Earthlink (ELNK), eBay/PayPal (EBAY), Entrust (ENTU), Experian, eEye Digital Security, F-Secure, GeoTrust, GoDaddy, ING Bank, Iconix, InternetIndentity, Internet Security Systems, IOvation, IS3, Kaspersky Labs, Lenos Software, LightSpeed Systems, MailFrontier, MarkMonitor, McAfee (MFE), MasterCard, MessageLevel, Microsoft (MSFT), Mirapoint, MX Logic, NameProtect, Netcraft, NetStar, PassMark, Panda Software, Phoenix Technologies, Inc. (PTEC), Quova, RSA Security (RSAS), SAIC, SecureBrain, Sigaba, SOPHOS, SquareTrade, SurfControl, Symantec (SYMC), The 41st Parameter, Trek Blue, Trend Micro (TMIC), Tricerion, TriCipher, Tumbleweed Communications (TMWD), SurfControl (SRF.L), Vasco (VDSI), VeriSign (VRSN), Visa, Websense, Inc. (WBSN), WholeSecurity and ZixCorp.


About the NCFS: The National Center for Forensic Science provides research, education, training, tools and technology to meet the current and future needs of the forensic science, investigative and criminal justice communities. The NCFS is a program of the National Institute of Justice <http://www.ojp.usdoj.gov/nij/> hosted by the University of Central Florida <http://www.ucf.edu>. The National Center for Forensic Science will lead in providing proactive and innovative solutions to meet the challenges facing the investigative, forensic science and criminal justice communities. Most recently, the NCFS has partnered with the US Secret Service to open a new Electronic Evidence lab to assist state and local law enforcement with computer-related crimes.

Contacts


APWG

Foy Shiver, +1-404-434-7282

or

NCFS

Philip Craiger, +1-407-823-3527
