Cyber Security and Digital Forensics

A special issue of Journal of Cybersecurity and Privacy (ISSN 2624-800X). This special issue belongs to the section "Cryptography and Cryptology".

Deadline for manuscript submissions: closed (20 March 2024) | Viewed by 38366

Special Issue Editors

Guest Editor
School of Technology and Management, Polytechnic of Leiria, 2411-901 Leiria, Portugal
Interests: cybersecurity; digital forensics; cyberawareness; information security; cyber situational awareness; computer networking security; machine learning

Guest Editor
Computer Science Engineering Department at Superior School of Technology and Management, Polytechnic of Leiria, 2411-901 Leiria, Portugal
Interests: information and networks security; information security management systems; security incident response systems for Industry 4.0; next generation networks and services; wireless networks

Special Issue Information

Dear Colleagues,

We are setting up the Special Issue on “Cyber Security and Digital Forensics” in the Journal of Cybersecurity and Privacy, which aims to attract original, pertinent, and innovative contributions on a wide set of topics related to cybersecurity, information security, and digital forensics.

Information security and cybersecurity play a key role in the management of organizations in general, as they deal with the confidentiality, privacy, integrity, and availability of one of their most valuable resources: data and information. When a cyberattack takes place in the enterprise information system, the analysis and collection of digital artifacts is crucial to understand the origins, motivations, and impact of the malicious activities. To deal with the amount of assets being protected and their high variety and heterogeneity, organizations have adopted a wide set of techniques, tools, and methodologies to implement cybersecurity and digital forensics processes.

The quality of these techniques and tools may determine how quickly and efficiently assets are secured, how far the availability of the IT infrastructure improves, and, consequently, business continuity.

The Special Issue “Cyber Security and Digital Forensics” welcomes articles (reviews, communications, original studies, technical reports, and case reports) that focus on the various topics that are under the cybersecurity and digital forensic umbrella.

Prof. Dr. Mario Antunes
Prof. Dr. Carlos Rabadão
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, proceed to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles, as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Journal of Cybersecurity and Privacy is an international peer-reviewed open access quarterly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1000 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • information security
  • cybersecurity auditing
  • cybersecurity and information security compliance
  • cybersecurity governance and regulations
  • cyber situational awareness
  • digital forensics for cybersecurity
  • digital forensics incident response
  • digital forensics automation

Published Papers (9 papers)


Research

29 pages, 563 KiB  
Article
On Data Leakage Prevention Maturity: Adapting the C2M2 Framework
by Jan Domnik and Alexander Holland
J. Cybersecur. Priv. 2024, 4(2), 167-195; https://doi.org/10.3390/jcp4020009 - 30 Mar 2024
Viewed by 577
Abstract
In an evolving cybersecurity landscape marked by escalating data breaches and regulatory demands, data leakage prevention (DLP) has emerged as one of several defense mechanisms. This study underscores unresolved foundational issues within DLP, revealing that it remains a significant challenge in large organizations. This highlights the necessity for a holistic approach to DLP to effectively address these persistent challenges. By developing a DLP Maturity Model, adapted from the renowned C2M2 framework, this research provides a comprehensive tool for assessing organizational DLP capabilities and pinpointing critical gaps. Applying the DLP Maturity Model within the financial sector as demonstrated through a banking scenario showcases its relevance and added value. This application illuminates the model’s effectiveness in securing sensitive data and adhering to essential regulatory standards, highlighting its adaptability across various compliance landscapes. Implementing this DLP Maturity Model in a banking scenario showcases its applicability, highlighting its ability to formulate a strategy to secure sensitive data and comply with regulatory standards. This approach aligns with the concept of a continuous risk-based strategy, merging the holistic model to identify and address critical insider risks within organizations. The study addresses a specific gap in DLP research, notably the lack of a holistic framework for assessing and enhancing DLP strategies across organizations. It equips practitioners with a foundational tool to determine current DLP maturity and devise strategies for mitigating insider-driven data breach risks, thereby bolstering organizational cybersecurity resilience.
(This article belongs to the Special Issue Cyber Security and Digital Forensics)

22 pages, 5820 KiB  
Article
D2WFP: A Novel Protocol for Forensically Identifying, Extracting, and Analysing Deep and Dark Web Browsing Activities
by Mohamed Chahine Ghanem, Patrick Mulvihill, Karim Ouazzane, Ramzi Djemai and Dipo Dunsin
J. Cybersecur. Priv. 2023, 3(4), 808-829; https://doi.org/10.3390/jcp3040036 - 15 Nov 2023
Cited by 1 | Viewed by 1392
Abstract
The use of the unindexed web, commonly known as the deep web and dark web, to commit or facilitate criminal activity has drastically increased over the past decade. The dark web is a dangerous place where all kinds of criminal activities take place. Despite advances in web forensic techniques, tools, and methodologies, few studies have formally tackled dark and deep web forensics and the technical differences in terms of investigative techniques and artefact identification and extraction. This study proposes a novel and comprehensive protocol to guide and assist digital forensic professionals in investigating crimes committed on or via the deep and dark web. The protocol, named D2WFP, establishes a new sequential approach for performing investigative activities by observing the order of volatility and implementing a systemic approach covering all browsing-related hives and artefacts, which ultimately resulted in improving the accuracy and effectiveness. Rigorous quantitative and qualitative research has been conducted by assessing the D2WFP following a scientifically sound and comprehensive process in different scenarios, and the obtained results show an apparent increase in the number of artefacts recovered when adopting the D2WFP, which outperforms any current industry or open-source browsing forensic tools. The second contribution of the D2WFP is the robust formulation of artefact correlation and cross-validation within the D2WFP, which enables digital forensic professionals to better document and structure their analysis of host-based deep and dark web browsing artefacts.

32 pages, 1077 KiB  
Article
VEDRANDO: A Novel Way to Reveal Stealthy Attack Steps on Android through Memory Forensics
by Jennifer Bellizzi, Eleonora Losiouk, Mauro Conti, Christian Colombo and Mark Vella
J. Cybersecur. Priv. 2023, 3(3), 364-395; https://doi.org/10.3390/jcp3030019 - 10 Jul 2023
Viewed by 1733
Abstract
The ubiquity of Android smartphones makes them targets of sophisticated malware, which maintain long-term stealth, particularly by offloading attack steps to benign apps. Such malware leaves little to no trace in logs, and the attack steps become difficult to discern from benign app functionality. Endpoint detection and response (EDR) systems provide live forensic capabilities that enable anomaly detection techniques to detect anomalous behavior in application logs after an app hijack. However, this presents a challenge, as state-of-the-art EDRs rely on device and third-party application logs, which may not include evidence of attack steps, thus prohibiting anomaly detection techniques from exposing anomalous behavior. While, theoretically, all the evidence resides in volatile memory, its ephemerality necessitates timely collection, and its extraction requires device rooting or app repackaging. We present VEDRANDO, an enhanced EDR for Android that accomplishes (i) the challenge of timely collection of volatile memory artefacts and (ii) the detection of a class of stealthy attacks that hijack benign applications. VEDRANDO leverages memory forensics and app virtualization techniques to collect timely evidence from memory, which allows uncovering attack steps currently uncollected by the state-of-the-art EDRs. The results showed that, with less than 5% CPU overhead compared to normal usage, VEDRANDO could uniquely collect and fully reconstruct the stealthy attack steps of ten realistic messaging hijack attacks using standard anomaly detection techniques, without requiring device or app modification.

21 pages, 1555 KiB  
Article
Investigating the Privacy and Security of the SimpliSafe Security System on Android and iOS
by Shinelle Hutchinson, Miloš Stanković, Samuel Ho, Shiva Houshmand and Umit Karabiyik
J. Cybersecur. Priv. 2023, 3(2), 145-165; https://doi.org/10.3390/jcp3020009 - 07 Apr 2023
Cited by 3 | Viewed by 3002
Abstract
The emergence of the Internet of Things technologies and the increase and convenience of smart home devices have contributed to the growth of self-installed home security systems. While home security devices have become more accessible and can help users monitor and secure their homes, they can also become targets of cyberattacks and/or witnesses of criminal activities, hence sources of forensic evidence. To date, there is little existing literature on forensic analysis and the security and privacy of home security systems. In this paper, we seek to better understand and assess the forensic artifacts that can be extracted, the security and privacy concerns around the use of home security devices, and the challenges forensic investigators might encounter, by performing a comprehensive investigation of the SimpliSafe security system. We investigated the interaction of the security system with the SimpliSafe companion app on both Android and iOS devices. We analyzed the network traffic as the user interacts with the system to identify any security or privacy concerns. Our method can help investigators working on other home security systems, and our findings can further help developers to improve the confidentiality and privacy of user data in home security devices and their applications.

19 pages, 2081 KiB  
Article
Water-Tight IoT–Just Add Security
by Guillaume Bour, Camillo Bosco, Rita Ugarelli and Martin Gilje Jaatun
J. Cybersecur. Priv. 2023, 3(1), 76-94; https://doi.org/10.3390/jcp3010006 - 01 Mar 2023
Cited by 2 | Viewed by 2006
Abstract
The security of IoT-based digital solutions is a critical concern in the adoption of Industry 4.0 technologies. These solutions are increasingly being used to support the interoperability of critical infrastructure, such as in the water and energy sectors, and their security is essential to ensure the continued reliability and integrity of these systems. However, as our research demonstrates, many digital solutions still lack basic security mechanisms and are vulnerable to attacks that can compromise their functionality. In this paper, we examine the security risks associated with IoT-based digital solutions for critical infrastructure in the water sector, and refer to a set of good practices for ensuring their security. In particular, we analyze the risks associated with digital solutions not directly connected with the IT system of a water utility. We show that they can still be leveraged by attackers to trick operators into making wrong operational decisions.

14 pages, 336 KiB  
Article
Exploratory Study on Kali NetHunter Lite: A Digital Forensics Approach
by Miloš Stanković and Umit Karabiyik
J. Cybersecur. Priv. 2022, 2(3), 750-763; https://doi.org/10.3390/jcp2030038 - 19 Sep 2022
Cited by 1 | Viewed by 4304
Abstract
Mobile devices, specifically smartphones, have become a necessity in everyday life, as we perform many essential day-to-day tasks using these devices. With the projected increase in mobile devices to 18.22 billion by 2025, the reliance on smartphones will only grow. This demand for smartphones has allowed various companies to start developing their own devices and custom operating systems, each of which puts its own touch on them. In addition, current smartphones have increased processing power, providing users with a computer experience in their pockets. Software developers have taken this opportunity to bridge the gap between personal computers and smartphones by creating the same software for personal computers and mobile devices. Kali Linux is one of the most popular penetration testing tools for desktop use and has been adapted to operate on mobile devices under the name Kali NetHunter. Kali NetHunter has three different versions on mobile platforms that provide various levels of capabilities. Kali NetHunter is just one example in which an application or an operating system applies to a specific niche of users. Highly customized operating systems or applications do not receive the same attention as field research, leaving them unfamiliar to mobile forensic investigators when used maliciously. In this paper, we conducted an exploratory study on the Kali NetHunter Lite application after it was installed and its embedded tools were utilized. Our results show a detailed analysis of the file system and reveal the data from the tests carried out during various phases. Furthermore, the locations of the folders involved in the process were described.

11 pages, 369 KiB  
Article
Requirements for Crafting Virtual Network Packet Captures
by Daniel Spiekermann and Jörg Keller
J. Cybersecur. Priv. 2022, 2(3), 516-526; https://doi.org/10.3390/jcp2030026 - 06 Jul 2022
Viewed by 3665
Abstract
Currently, network environments are complex infrastructures with different levels of security, isolation and permissions. The management of these networks is a complex task, faced with different issues such as adversarial attacks, user demands, virtualisation layers, secure access and performance optimisation. In addition to this, forensic readiness is a demanded target. To cover all these aspects, network packet captures are used to train new staff, evaluate new security features and improve existing implementations. Because of this, realistic network packet captures are needed that cover all appearing aspects of the network environment. Packet generators are used to create network traffic, simulating real network environments. There are different network packet generators available, but there is no valid rule set defining the requirements targeting packet generators. The manual creation of such network traces is a time-consuming and error-prone task, and the inherent behaviour of virtual networks eradicates a straightforward automation of trace generation in comparison to common networks. Hence, we analyse relevant conditions of modern virtualised networks and define relevant requirements for a valid packet generation and transformation process. From this, we derive recommendations for the implementation of packet generators that provide valid and correct packet captures for use with virtual networks.

29 pages, 1680 KiB  
Article
Ads and Fraud: A Comprehensive Survey of Fraud in Online Advertising
by Shadi Sadeghpour and Natalija Vlajic
J. Cybersecur. Priv. 2021, 1(4), 804-832; https://doi.org/10.3390/jcp1040039 - 16 Dec 2021
Cited by 1 | Viewed by 10080
Abstract
Over the last two decades, we have witnessed a fundamental transformation of the advertising industry, which has been steadily moving away from the traditional advertising mediums, such as television or direct marketing, towards digital-centric and internet-based platforms. Unfortunately, due to its large-scale adoption and significant revenue potential, digital advertising has become a very attractive and frequent target for numerous cybercriminal groups. The goal of this study is to provide a consolidated view of different categories of threats in the online advertising ecosystems. We begin by introducing the main elements of an online ad platform and its different architecture and revenue models. We then review different categories of ad fraud and present a taxonomy of known attacks on an online advertising system. Finally, we provide a comprehensive overview of methods and techniques for the detection and prevention of fraudulent practices within those systems, both from the scientific as well as the industry perspective. The main novelty of our work lies in the development of an innovative taxonomy of different types of digital advertising fraud based on their actual executors and victims. We have placed different advertising fraud scenarios into real-world context and provided illustrative examples, thereby offering an important practical perspective that is very much missing in the current literature.

Review

17 pages, 420 KiB  
Review
The Evolution of Volatile Memory Forensics
by Hannah Nyholm, Kristine Monteith, Seth Lyles, Micaela Gallegos, Mark DeSantis, John Donaldson and Claire Taylor
J. Cybersecur. Priv. 2022, 2(3), 556-572; https://doi.org/10.3390/jcp2030028 - 20 Jul 2022
Cited by 4 | Viewed by 8230
Abstract
The collection and analysis of volatile memory is a vibrant area of research in the cybersecurity community. The ever-evolving and growing threat landscape is trending towards fileless malware, which avoids traditional detection but can be found by examining a system’s random access memory (RAM). Additionally, volatile memory analysis offers great insight into other malicious vectors. It contains fragments of encrypted files’ contents, as well as lists of running processes, imported modules, and network connections, all of which are difficult or impossible to extract from the file system. For these compelling reasons, recent research efforts have focused on the collection of memory snapshots and methods to analyze them for the presence of malware. However, to the best of our knowledge, no current reviews or surveys exist that systematize the research on both memory acquisition and analysis. We fill that gap with this novel survey by exploring the state-of-the-art tools and techniques for volatile memory acquisition and analysis for malware identification. For memory acquisition methods, we explore the trade-offs many techniques make between snapshot quality, performance overhead, and security. For memory analysis, we examined the traditional forensic methods used, including signature-based methods, dynamic methods performed in a sandbox environment, as well as machine learning-based approaches. We summarize the currently available tools, and suggest areas for more research.