Published Papers
The Economics of Developing Security Embedded Software
Market models for software vulnerabilities have been disparaged in the past citing how these do little to lower the risk of insecure software. In this paper we argue that the market models...
Published on: 2010-11-30
Topic: Developer
Linux Programming Tools
Digital forensics practitioners, incident responders and *nix system administrators should be aware of programming tools that can aid attackers. It is simple for an attacker to load code when...
Published on: 2010-07-13
Topic: Developer
NDIFF for Incident Detection
Ndiff is a tool that utilizes nmap output to identify the differences, or changes, that have occurred in your environment. Ndiff can be downloaded from http://www.vinecorp.com/ndiff/. The...
Published on: 2010-06-24
Topic: Digital Forensics
Packer Analysis Report-Debugging and Unpacking the NsPack 3.4 and 3.7 Packer
The following report is an analysis of the NsPack 3.4 and 3.7 packer program (by North Star/Liu Xing Ping). Unfortunately, many commercial antivirus vendors have not adequately analyzed the NsPack...
Published on: 2010-06-17
Topic: Digital Forensics
Criminal Specialization as a Corollary of Rational Choice
Organized criminal groups can be modeled using rational choice theory. Criminal groups act as profit seeking enterprises, and the ability to shift the economic returns away from this activity...
Published on: 2010-05-28
Topic: Cybercrime
Understanding *NIX File Linking (ln)
The "ln" command is an important tool in any Unix admin's arsenal and attackers use it too, so it is essential that forensics analysts understand it.
Published on: 2010-04-09
Topic: Digital Forensics
Unix System Accounting and Process Accounting
Accounting reports created by the system accounting service present the *NIX administrator with the information to assess current resource assignments, set resource limits and quotas, and predict...
Published on: 2010-03-24
Topic: Information Security
Finer Points of Find
The *NIX "find" command is probably one of the system security tester's best friends on any *NIX system. This command allows the system security tester or digital forensic analyst to process a set...
Published on: 2010-03-22
Topic: Digital Forensics
Finding Out About Other Users on a Linux System
These commands are used to find out about other users on a *NIX host. When testing the security of a system covertly (such as when engaged in a penetration test) it is best to stop running...
Published on: 2010-03-15
Topic: Digital Forensics
Unix Network and System Profiling
It is essential to identify network services running on a UNIX host as a part of any review. To do this, the reviewer needs to understand the relationship between active network services, local...
Published on: 2010-03-12
Topic: Digital Forensics