Kernel modules are an integral part of most operating systems (OS) as they provide flexible ways of adding new functionalities (such as file system or hardware support) to the kernel without the need to recompile or reload the entire kernel. Aside from providing an interface between the user and the hardware, these modules maintain system security and
Keywords: Digital forensics; Memory analysis; Operating system fingerprinting; Approximate matching; sdhash. Abstract: The correct identification of operating system kernel versions is the first critical step in deep memory analysis; it enables the precise parsing of the kernel data structures and the correct interpretation of the observed system state.
We develop and analyze an ARQ (Automatic Repeat reQuest) initialized transmit diversity protocol for cooperative communications. Medium access control (MAC) layer packet retransmission limit (similar to aShortRetryLimit or aLongRetryLimit [802.11-1997]) has been used as an actuator for transmit cooperative diversity initialization. We take the channel state
Digital forensic examiners often need to identify the type of a file or file fragment based on the content of the file. Content-based file type identification schemes typically use a byte frequency distribution with statistical machine learning to classify file types. Most algorithms analyze the entire file content to obtain the byte frequency distribution,
SCADA systems run 24/7 to control and monitor industrial and infrastructure processes. In case of potential security incidents, several challenges exist for conducting an effective forensic investigation. This paper discusses these challenges and investigates potential solutions. It shows the limitations of traditional IT-based approaches and also presents
Identifying the file type (TXT, EXE, JPEG, etc.) is important for computer security applications such as computer forensics, steganalysis, and antivirus programs. The common approach for this is to use file extensions, magic numbers, or other header information. However, these are susceptible to tampering or corruption; for instance, the file extension
Types of files (text, executables, JPEG images, etc.) can be identified through file extension, magic number, or other header information in the file. However, these are easily tampered with or corrupted, so they cannot be trusted as secure ways to identify file types. In the presence of adversaries, analyzing the file content may be a more reliable way to identify