Search results

1 – 10 of 378
Article
Publication date: 29 March 2013

Peter Kieseberg, Sebastian Schrittwieser, Lorcan Morgan, Martin Mulazzani, Markus Huber and Edgar Weippl

Abstract

Purpose

Today's database management systems implement sophisticated access control mechanisms to prevent unauthorized access and modifications. For instance, this is an important basic requirement for SOX (Sarbanes‐Oxley Act) compliance, whereby every past transaction has to be traceable at any time. However, malicious database administrators may still be able to bypass the security mechanisms in order to make hidden modifications to the database. This paper aims to address these issues.

Design/methodology/approach

In this paper the authors define a novel signature of a B+‐tree, a widely‐used storage structure in database management systems, and propose its utilization for supporting the logging in databases. This additional logging mechanism is especially useful in conjunction with forensic techniques that directly target the underlying tree‐structure of an index. Several techniques for applying this signature in the context of digital forensics on B+‐trees are proposed in the course of this paper. Furthermore, the authors' signature can be used to generate exact copies of an index for backup purposes, thereby enabling the owner to completely restore data, even on the structural level.

Findings

For database systems in enterprise environments, compliance to regulatory standards such as SOX (Sarbanes‐Oxley Act), whereby every past transaction has to be traceable at any time, is a fundamental requirement. Today's database management systems usually implement sophisticated access control mechanisms to prevent unauthorized access and modifications. Nonetheless malicious database administrators would be able to bypass the security mechanisms in order to make modifications to the database, while covering their tracks.

Originality/value

In this paper, the authors demonstrate how the tree structure of the underlying store engine can be used to enhance forensic logging mechanisms of the database. They define a novel signature for B+‐trees, which are used by the InnoDB storage engine. This signature stores the structure of database storage files and can help in reconstructing previous versions of the file for forensic purposes. Furthermore, the authors' signature can be used to generate exact copies of an index for backup purposes, thus enabling the owner to completely restore data, even on the structural level. The authors applied their concept to four real‐life scenarios in order to evaluate its effectiveness.

Details

International Journal of Web Information Systems, vol. 9 no. 1
Type: Research Article
ISSN: 1744-0084

Article
Publication date: 7 October 2019

Sisira Dharmasri Jayasekara and Iroshini Abeysekara

Abstract

Purpose

The purpose of this paper is to discuss the role of digital forensics in an evolving environment of cyber laws giving attention to Bay of Bengal Initiative for Multi-Sectoral Technical and Economic Cooperation (BIMSTEC) countries, comprising Bangladesh, India, Myanmar, Sri Lanka, Thailand, Nepal and Bhutan, in a dynamic global context.

Design/methodology/approach

This study uses a case study approach to discuss the digital forensics and cyber laws of BIMSTEC countries. The objective of the study was expected to be achieved by referring to decided cases in different jurisdictions. Cyber laws of BIMSTEC countries were studied for the purpose of this study.

Findings

The analysis revealed that BIMSTEC countries are required to amend legislation to support the growth of information technology. Most of the legislation is 10-15 years old and has not been amended to resolve issues on cyber jurisdictions.

Research limitations/implications

This study was limited to the members of the BIMSTEC.

Originality/value

This paper is an original work done by the authors who have discussed the issues of conducting investigations with respect to digital crimes in a rapidly changing environment of information technology and deficient legal frameworks.

Details

Journal of Money Laundering Control, vol. 22 no. 4
Type: Research Article
ISSN: 1368-5201

Article
Publication date: 24 August 2021

Nabin Chowdhury and Vasileios Gkioulos

Abstract

Purpose

The purpose of this paper can be encapsulated in the following points: identify the research papers published on the topic: competencies and skills necessary for critical infrastructure (CI) cyber-security (CS) protection; determine main focus areas within the identified literature and evaluate the dependency or lack thereof between them; make recommendations for future research.

Design/methodology/approach

This study is based on a systematic literature review conducted to identify scientific papers discussing and evaluating competencies, skills and essential attributes needed by the CI workforce for CS and preparedness to attacks and incidents.

Findings

After a comparative analysis of the articles reviewed in this study, a variety of skills and competencies was found to be necessary for CS assurance in CIs. These skills have been grouped into four categories, namely, technical, managerial, implementation and soft skills. Nonetheless, there is still a lack of agreement on which skills are the most critical and further research should be conducted on the relation between specific soft skills and CS assurance.

Research limitations/implications

Investigation of which skills are required by industry for specific CS roles, by conducting interviews and sending questionnaires/surveys, would allow consolidating whether literature and industry requirements are equivalent.

Practical implications

Findings from this literature review suggest that more effort should be taken to conciliate current CS curricula in academia with the skills and competencies required for CS roles in the industry.

Originality/value

This study provides a previously lacking current mapping and review of literature discussing skills and competencies evidenced as critical for CS assurance for CI. The findings of this research are useful for the development of comprehensive solutions for CS awareness and training.

Details

Information & Computer Security, vol. 29 no. 5
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 7 December 2021

Thorsten Stephan Beck

Abstract

Purpose

This paper provides an introduction to research in the field of image forensics and asks whether advances in the field of algorithm development and digital forensics will facilitate the examination of images in the scientific publication process in the near future.

Design/methodology/approach

This study looks at the status quo of image analysis in the peer review process and evaluates selected articles from the field of Digital Image and Signal Processing that have addressed the discovery of copy-move, cut-paste and erase-fill manipulations.

Findings

The article focuses on forensic research and shows that, despite numerous efforts, there is still no applicable tool for the automated detection of image manipulation. Nonetheless, the status quo for examining images in scientific publications remains visual inspection and will likely remain so for the foreseeable future. This study summarizes aspects that make automated detection of image manipulation difficult from a forensic research perspective.

Research limitations/implications

Results of this study underscore the need for a conceptual reconsideration of the problems involving image manipulation with a view toward the need for interdisciplinary collaboration in conjunction with library and information science (LIS) expertise on information integrity.

Practical implications

This study not only identifies a number of conceptual challenges but also suggests areas of action that the scientific community can address in the future.

Originality/value

Image manipulation is often discussed in isolation as a technical challenge. This study takes a more holistic view of the topic and demonstrates the necessity for a multidisciplinary approach.

Details

Journal of Documentation, vol. 78 no. 5
Type: Research Article
ISSN: 0022-0418

Article
Publication date: 13 April 2012

Jackie Campbell

Abstract

Purpose

The purpose of this paper is to describe and discuss the use of specifically‐developed, inquiry‐based learning materials for Computing and Forensic Computing students. Small applications have been developed which require investigation in order to de‐bug code, analyse data issues and discover “illegal” behaviour. The applications are based around industry case studies and are functioning systems. They have been designed with a view to supporting the teaching, learning and assessment within the database curriculum at Leeds Metropolitan University. The students are required to use investigative methods to discover and address the issues. Additionally, the exercises are intended to give experience of industrial work such as evaluation, testing and de‐bugging of software.

Design/methodology/approach

The applications were designed and developed by final year Computing students as part of their final year project. They were required to identify appropriate methodologies and techniques. The team “adopted”, developed and further evaluated the applications with a view to using them in teaching.

Findings

The initial feedback is that students like the exercises; they initially may not realize there is anything “wrong” with the applications and enjoy discovery of issues. The exercises have raised their awareness of data quality, data integrity and improved their confidence to question results from reports and queries.

Originality/value

The intention is to build a “bank” of learning objects which mimic real computing and computing‐forensic tasks.

Details

Interactive Technology and Smart Education, vol. 9 no. 1
Type: Research Article
ISSN: 1741-5659

Open Access
Article
Publication date: 2 July 2021

Hashem Alshurafat, Mohannad Obeid Al Shbail and Ebrahim Mansour

Abstract

Purpose

This review aims to provide an understanding of the strengths and weaknesses of forensic accounting education and profession.

Design/methodology/approach

This paper reviews published forensic accounting studies to explore forensic accounting strengths and weaknesses.

Findings

The strengths of forensic accounting are its benefits to students and accounting professionals, the significant need and increasing demand, the new career channels and the reduction of fraud. The weakness factors are the lack of regulation, the lack of control over the profession entry, the lack of agreement on how to teach forensic accounting, the lack of specialized research journals, the misconception of its intrinsic aim, the lack of highly qualified practitioners and educators and the lack of public recognition and occupation reputation.

Practical implications

It is hoped that this structured investigation of the factors relevant to the current and future status of forensic accounting education and profession will provide a sufficient overview of the critical issues and concerns that are important to be known for understanding and advancing the vital application of forensic accounting on the Socio-Economic Development. It is anticipated that this paper has an impact on future policy that ultimately contributes to improving business and limiting fraud incidents; thus, it can contribute to business and socio-economic development.

Originality/value

The literature on forensic accounting is extensive and varied. However, there is a lack of comprehensive understanding of the strengths and weaknesses of forensic accounting. This study provided policymakers with a comprehensive understanding of forensic accounting.

Details

Journal of Business and Socio-economic Development, vol. 1 no. 2
Type: Research Article
ISSN: 2635-1374

Article
Publication date: 1 January 2006

Jenny Goodwin‐Stewart and Pamela Kent

Abstract

Purpose

The purpose of this study is to explore the voluntary use of internal audit by Australian publicly listed companies and to identify factors that lead listed companies to have an internal audit function.

Design/methodology/approach

Drawing on the Institute of Internal Auditors' definition of internal auditing, the paper predicts that internal audit use is associated with factors related to risk management, strong internal controls and strong corporate governance. To test the predictions, the study combines data from a survey of listed companies with information from corporate annual reports. The paper also provides descriptive information on the use of internal audit.

Findings

The results indicate that only one‐third of the sample companies use internal audit. While size appears to be the dominant driver, there is also a strong association between internal audit and the level of commitment to risk management. However, the study finds only weak support for an association between the use of internal audit and strong corporate governance.

Research limitations/implications

A limitation of our study is that some of the variables in the model may not be good proxies for the factors being measured. Refinement of the model and the variables used provides an opportunity for future research.

Practical implications

The limited use of internal audit by Australian companies has important implications for sound corporate governance.

Originality/value

This is the first study that identifies factors associated with the use of internal audit by Australian listed companies.

Details

Managerial Auditing Journal, vol. 21 no. 1
Type: Research Article
ISSN: 0268-6902

Article
Publication date: 6 December 2017

Fabio Bacchini and Ludovica Lorusso

Abstract

Purpose

This study aims to explore the ethical and social issues of tattoo recognition technology (TRT) and tattoo similarity detection technology (TSDT), which are expected to be increasingly used by state and local police departments and law enforcement agencies.

Design/methodology/approach

The paper investigates the new ethical concerns raised by tattoo-based biometrics on a comparative basis with face-recognition biometrics.

Findings

TRT raises much more ethically sensitive issues than face recognition, because tattoos are meaningful biometric traits, and tattoo identification is tantamount to the identification of many more personal features that normally would have remained invisible. TSDT’s assumption that classifying people in virtue of their visible features is useful to foretell their attitudes and behaviours is dangerously similar to racist thought.

Practical implications

The findings hope to promote an active debate on the ethical and social aspects of tattoo-based biometrics before it is intensely implemented by law enforcement agencies.

Social implications

Tattooed individuals – inasmuch as they are more controlled and monitored – are negatively discriminated in comparison to un-tattooed individuals. As tattooing is not uniformly distributed among population, many demographic groups like African–Americans will be overrepresented in tattoos databases used by TRT and TSDT, thus being affected by disproportionately higher risk to be found as a match for a given suspect.

Originality/value

TRT and TSDT represent one of the new frontiers of biometrics. The ethical and social issues raised by TRT and TSDT are currently unexplored.

Details

Journal of Information, Communication and Ethics in Society, vol. 16 no. 2
Type: Research Article
ISSN: 1477-996X

Article
Publication date: 29 March 2013

Aleksandar Hudic, Shareeful Islam, Peter Kieseberg, Sylvi Rennert and Edgar R. Weippl

Abstract

Purpose

The aim of this research is to secure the sensitive outsourced data with minimum encryption within the cloud provider. Unfaithful solutions for providing privacy and security along with performance issues by encryption usage of outsourced data are the main motivation points of this research.

Design/methodology/approach

This paper presents a method for secure and confidential storage of data in the cloud environment based on fragmentation. The method supports minimal encryption to minimize the computation overhead due to encryption. The proposed method uses normalization of relational databases; tables are categorized based on user requirements relating to performance, availability and serviceability, and exported to XML as fragments. After defining the fragments and assigning the appropriate confidentiality levels, the lowest number of Cloud Service Providers (CSPs) required to store all fragments that must remain unlinkable in separate locations is used.

Findings

Particularly in the cloud, databases are sometimes de‐normalised (their normal form is decreased to a lower level) to increase the performance.

Originality/value

The paper proposes a methodology to minimize the need for encryption and instead focus on making data entities unlinkable so that even in the case of a security breach for one set of data, the privacy impact on the whole is limited. The paper would be relevant to those people whose main concern is to preserve data privacy in distributed systems.

Details

International Journal of Pervasive Computing and Communications, vol. 9 no. 1
Type: Research Article
ISSN: 1742-7371

Article
Publication date: 1 June 2015

Robin Mueller, Sebastian Schrittwieser, Peter Fruehwirt, Peter Kieseberg and Edgar Weippl

Abstract

Purpose

This paper aims to give an overview on a number of selected applications in comparison to a previous evaluation conducted two years ago, as well as performing an analysis on several new applications. Mobile messaging and VoIP applications for smartphones have seen a massive surge in popularity, which has also sparked the interest in research related to their security and privacy protection, leading to in-depth analyses of specific applications or vulnerabilities.

Design/methodology/approach

The evaluation methods mostly focus on known vulnerabilities in connection with authentication and validation mechanisms but also describe some newly identified attack vectors.

Findings

The results show a positive trend for new applications, which are mostly being developed with security and privacy features, whereas some of the older applications have shown little progress or have even introduced new vulnerabilities. In addition, this paper shows privacy implications of smartphone messaging that are not even solved by today’s most sophisticated “secure” smartphone messaging applications, as well as discusses methods for protecting user privacy during the creation of the user network.

Research limitations/implications

Currently, there is no perfect solution available; thus, further research on this topic needs to be conducted.

Originality/value

In addition to conducting a security evaluation of existing applications together with newly designed messengers that were designed with a security background in mind, several methods for protecting user privacy were discussed. Furthermore, some new attack vectors were discussed.

Details

International Journal of Pervasive Computing and Communications, vol. 11 no. 2
Type: Research Article
ISSN: 1742-7371
