Axelsson, Stefan
Publications (3 of 3)
Nordvik, R., Toolan, F. & Axelsson, S. (2019). Using the Object ID index as an investigative approach for NTFS file systems. Digital Investigation. The International Journal of Digital Forensics and Incident Response, 28(Supplement), S30-S39
2019 (English). In: Digital Investigation. The International Journal of Digital Forensics and Incident Response, ISSN 1742-2876, E-ISSN 1873-202X, Vol. 28, no Supplement, p. S30-S39. Article in journal (Refereed), Published
Abstract [en]

When investigating an incident it is important to document user activity, and to document which storage device was connected to which computer. We present a new approach to documenting user activity in computer systems using the NTFS file system by using the $ObjId Index to document user activity, and to correlate this index with the corresponding records in the MFT table. This may be the only possible approach when investigating external NTFS storage devices, and is hence a valuable addition to the storage forensics toolbox. © 2019 Rune Nordvik, Fergus Toolan, Stefan Axelsson

Place, publisher, year, edition, pages
Kidlington: Elsevier, 2019
Keywords
User activity, NTFS, Object ID
National Category
Computer Sciences
Identifiers
urn:nbn:se:hh:diva-39450 (URN); 10.1016/j.diin.2019.01.013 (DOI); 000465506500005 (); 2-s2.0-85064883237 (Scopus ID)
Available from: 2019-05-22. Created: 2019-05-22. Last updated: 2019-06-07. Bibliographically approved
Lopez-Rojas, E., Axelsson, S. & Baca, D. (2018). Analysis of fraud controls using the PaySim financial simulator. International Journal of Simulation and Process Modelling, 13(4), 377-386
2018 (English). In: International Journal of Simulation and Process Modelling, ISSN 1740-2123, E-ISSN 1740-2131, Vol. 13, no 4, p. 377-386. Article in journal (Refereed), Published
Abstract [en]

Fraud controls for financial transactions are needed and required by law enforcement agencies to flag suspicious criminal activity. These controls, however, require deeper analysis of the effectiveness and the negative impact for the legal customers. Owing to the intrinsically private nature of financial transactions, this analysis is often performed after several months of actively using fraud controls. In this paper, we present an analysis of different fraud prevention controls on a mobile money service based on thresholds using a simulator called PaySim. PaySim uses aggregated data from a sample dataset to generate a synthetic dataset that resembles the normal operation of transactions and injects malicious behaviour. With technology frameworks such as agent-based simulation techniques, and the application of mathematical statistics, we show in this paper that the simulated data can be as prudent as the original dataset for setting optimal controls for fraud detection.

Place, publisher, year, edition, pages
Olney: InderScience Publishers, 2018
Keywords
Multi-agent-based simulation, MABS, financial fraud, mobile money, fraud detection, synthetic data
National Category
Computer Sciences
Identifiers
urn:nbn:se:hh:diva-36643 (URN); 10.1504/IJSPM.2018.10014984 (DOI)
Available from: 2018-04-19. Created: 2018-04-19. Last updated: 2018-08-20. Bibliographically approved
Alendal, G., Dyrkolbotn, G. O. & Axelsson, S. (2018). Forensics acquisition – Analysis and circumvention of samsung secure boot enforced common criteria mode. Digital Investigation. The International Journal of Digital Forensics and Incident Response, 24(Suppl.), S60-S67
2018 (English). In: Digital Investigation. The International Journal of Digital Forensics and Incident Response, ISSN 1742-2876, E-ISSN 1873-202X, Vol. 24, no Suppl., p. S60-S67. Article in journal (Refereed), Published
Abstract [en]

The acquisition of data from mobile phones has been a mainstay of criminal digital forensics for a number of years now. However, this forensic acquisition is getting more and more difficult with the increasing security level and complexity of mobile phones (and other embedded devices). In addition, it is often difficult or impossible to get access to design specifications, documentation and source code. As a result, the forensic acquisition methods are also increasing in complexity, requiring an ever deeper understanding of the underlying technology and its security mechanisms. Forensic acquisition techniques are turning to more offensive solutions to bypass security mechanisms, through security vulnerabilities. Common Criteria mode is a security feature that increases the security level of Samsung devices, and thus makes forensic acquisition more difficult for law enforcement. With no access to design documents or source code, we have reverse engineered how the Common Criteria mode is actually implemented and protected by Samsung's secure bootloader. We present how this security mode is enforced, security vulnerabilities therein, and how the discovered security vulnerabilities can be used to circumvent Common Criteria mode for further forensic acquisition. © 2018 The Author(s). Published by Elsevier Ltd on behalf of DFRWS.

Place, publisher, year, edition, pages
Kidlington: Elsevier, 2018
Keywords
Common criteria, CC mode, Mobile security, Mobile device management, Forensic acquisition, Smart phone, Samsung secure boot
National Category
Computer Sciences, Embedded Systems, Computer Systems, Telecommunications
Identifiers
urn:nbn:se:hh:diva-36642 (URN); 10.1016/j.diin.2018.01.008 (DOI); 000428307900008 ()
Projects
Ars Forensica
Note

Funding: Research Council of Norway programme IKTPLUSS, under the R&D project Ars Forensica grant agreement 248094/O70.

Available from: 2018-04-19. Created: 2018-04-19. Last updated: 2018-04-20. Bibliographically approved