Yesterday and today I was at the 1st International Conference on Cybercrime, Security and Digital Forensics held at Strathclyde University where I presented a paper I wrote based on my master’s thesis on web history visualisations for forensic investigations. You can download the paper and my slides here, or contact the conference organiser for the whole conference book. The presentation went really well; I’m still a bit in shock as to how well actually..! A lecturer from Glasgow Uni was interested in using Webscavator as part of her Usable Security course, and a lecturer from the Australian University of Ballarat was keen to help extend the tool – and said the Australian police had heard of me and were possibly using it! Other people including lecturers from Abertay Uni and Cranfield Uni were also interested in using/helping extend it and both said I should do a PhD. Hmmm, a lot to think about!
Here are a couple of highlights from the conference. I may expand on these as further blog posts later.
- S Morris & H Chivers – An analysis of the structure and behaviour of the Win7 OS thumbnail cache. This great talk focused on how the Windows 7 thumbnail cache is vastly different to the Windows XP thumbs.db files and is insanely complicated. So complicated in fact that her entire PhD is on the subject of different OSes' thumbnail caches. One ridiculous feature with Win7 thumbnails is they have removed timestamps. Good job there, Microsoft.
- M. Schuba, S. Maus & H. Hoefken – Forensic Analysis of Geodata in Android Smartphones. These guys are developing an Android Forensic Toolkit and the conference paper was on capturing locational data stored in the phone – not only from the OS's cell and wifi databases but from Apps that store geodata too. They presented a neat XML schema to normalise App geodata (some stored postcodes, others cities, others addresses etc) and then presented the results using Bing maps. Interestingly, from 2009 to 2010, Android has a 615% growth rate, Apple iPhone 85% and Microsoft -20%.
Other interesting talks were on the Zeus malware, statistical methods for determining data leakage, comparisons of botnet DDoS attacks to animal swarms and the analysis of API (high level) or Op-Code (low level) calls to determine whether something is malware or not. It was a really good conference and I hope to collaborate with those I spoke to!