MSc.ISS Theses and Dissertations
Browsing MSc.ISS Theses and Dissertations by Issue Date
Now showing 1 - 20 of 34
- A Web based information security skills assessment prototype (Strathmore University, 2017) Nkonge, Regina Kagwiria
  Cyber-attacks are continuously evolving, to a great extent faster than cyber defences. The result is an ever-increasing frequency of attacks and the probability of success over time. To ensure employees are able to avoid or counter information security attacks directed at them and the organisation, it is necessary to carry out continuous security awareness and training, and ensure this training is relevant to employees. Existing tools to assess information security skills among employees generally require the expertise of technical persons and are often not well tailored to an organisation’s specific needs. This study aims at developing a prototype which organisations can use to create information security skills assessments for their employees. Employees can then log in to the prototype at a time convenient to them and take the assessment. At the end of the assessment, each employee receives a percentage mark of their performance. Based on this percentage the employee is ranked as either beginner, intermediate or advanced and is also given a list of their weak areas based on questions they got wrong. The weak areas can be used to identify gaps, and this information can be used to customise security awareness and training programs to meet employees’ needs. The research study adopted an agile development methodology to design and develop a prototype to address identified gaps. The prototype was tested and validated to ensure it meets the intended goals and recorded impressive results.
- Maintaining a bitcoin address repository through focused web crawling (Strathmore University, 2017) Macharia, Caroline Wanjira
  There has been an increase in the use of cryptocurrencies such as Bitcoin (BTC). Bitcoin allows for cross-border payments, for large and small items, at little or no transaction fee. It is a groundbreaking technology that is not restricted by the current Anti-Money Laundering (AML) and Countering Financing of Terrorism (CFT). The decentralised nature of Bitcoin provides for anonymity through possible use of multiple identities that are not linked to personally identifiable information. Bitcoin offers a convenient solution for criminals who are restricted by the conventional money transfer systems. Bitcoin has been linked to drug dealers, gold bugs, fraudsters, terrorists, whistleblowers, pornographers, Internet freedom activists and unregulated gaming enterprises (Simser, 2015). Other cybercrimes that are facilitated by Bitcoin include ransomware. This research identified a gap in acquiring digital evidence related to Bitcoin transactions. The data was obtained from case laws and secondary materials relating to Bitcoin forensics. We suggest a solution of maintaining a Bitcoin address repository through regular crawling of cryptocurrency sites. A web crawler that visits a list of user-defined cryptocurrency sites was developed to solve the identified problem. The crawled sites include websites of interest to investigators. Results are stored in an XML file which can be exported to any database. The addresses and metadata collected from webpages can be used by investigators when building a case for Bitcoin related crimes. Transaction data about the collected addresses is available on the Bitcoin blockchain.
- OpenSSL vulnerabilities in mobile banking applications (Strathmore University, 2017) Muriuki, Paul William
  Mobile banking has taken Kenya by storm. It is an easy and convenient banking channel in your hands. It is accessible from anywhere provided you have an internet connection or connectivity to your mobile network provider. Banks and other financial institutions have seen the numerous benefits of providing mobile banking services to their customers and each one is rushing to deploy their own mobile banking solution in an attempt to gain a competitive edge over their competitors. But as with new inventions, particularly those aimed at people’s finances, existing and potential clients of these institutions are worried as to how safe their transactions are. This is especially so since they are effected from remote locations and through their mobile devices. Questions are being asked concerning how secure mobile banking is and how safe personal information is while being transmitted from mobile devices to banks. This study seeks to understand the architecture of mobile banking solutions and identify potential areas of vulnerability in the systems deployed. It further seeks to look at how secure the deployed third-party OpenSSL libraries are. Third-party OpenSSL libraries are used extensively to secure data in transmission. The study, by leveraging the software development life cycle’s Agile development methodology, proposes to provide a tool that can be used by financial institutions to test banking applications developed for mobile devices before deploying them to the market. This will ensure that only secure systems are deployed. The results of this study will show the importance of proper testing before application deployment.
- A Platform for monitoring of security and audit events: a test case with windows systems (Strathmore University, 2017) Kimathi, Collins Chandi
  The rise in cyber attacks against organisations and government agencies has created a need for improving security and monitoring of Information Technology assets. Analysis and monitoring of security events is one of the key areas when it comes to detecting and preventing security compromises in any organisation. While intrusion detection and prevention are often used to measure security management in an organisation, there are challenges of false positives, false negatives and information overload to the analysts tasked with monitoring. This work proposes to deliver an event collection and analysis system to monitor the security of Information Technology assets that have Windows operating systems, a centralised log management tool and dashboards to monitor analysed events in real-time for security alarms. The system will involve an agent to collect security and events from Windows operating systems and send the events in a readable JSON format to the processing server for analysis and thereafter visualisation of various security events of interest. Security alarms such as brute-force attacks can be identified and escalated to the security analysts. Testing was carried out by generating the desired security events from a Windows 10 virtual machine that were captured by the designed system.
- Forensic analysis of office open XML spreadsheets (Strathmore University, 2017) Godiah, David Odhiambo
  Digital Forensics is the science of acquiring, preserving, analysing and presenting digital evidence from computers, digital devices and networks in a manner that is admissible in a court of law to support an investigation. Microsoft Office, LibreOffice, OpenOffice, NeoOffice and Google documents, spreadsheets and presentations are widely used to store and circulate data and information, especially within organisations. They are often rich in information deeply embedded in them that can be retrieved by examining metadata or deleted material still present in the files. OOXML is a standard developed by Microsoft and registered by ECMA (as ECMA-376), and approved by the ISO and IEC (as ISO/IEC 29500:2008) as an open standard for the development of Office documents, spreadsheets and presentations. Documents, spreadsheets and presentations created using this standard consist of zipped file containers, parts and relationships which upon extraction and analysis reveal forensically interesting information. Existing forensic tools have limitations as far as extracting and analysing OOXML spreadsheet metadata is concerned, in that most of them can extract only limited and basic metadata. The objective of this research is to carry out forensic analysis of metadata in OOXML spreadsheets by studying limitations of existing forensic tools in extracting and analysing metadata in OOXML spreadsheets and designing and developing a Proof of Concept (PoC) implementation of a forensic tool that supports automated forensic analysis of OOXML spreadsheets with improved visualization, efficiency and advanced reporting functionality. This research adopts a methodology to review OOXML spreadsheet metadata extraction and analysis capabilities of existing forensic tools using sample spreadsheet datasets, carry out system analysis, design and PoC implementation of a forensic tool. In addition, the research carries out manual, functional, and security tests; quality assurance; and validation of the developed Proof of Concept implementation. The developed tool is able to extract and analyse relevant metadata from OOXML spreadsheets and present results in a forensic report.
- A Client based email phishing detection algorithm: case of phishing attacks in the banking industry (Strathmore University, 2017) Oroko, Edwin Orina
  Today, the banking sector has been a target for many phishing attackers. The use of email as an electronic means of communication during working hours and mostly for official purposes has made it a lucrative attack vector. With the rapid growth of technology, phishing techniques have advanced, as seen in the millions of cash lost by banks through email phishing yearly. This continues to be the case despite investments in spam filtering tools, monitoring tools as well as creating user awareness, through training of banking staff on how they can easily identify a phishing email. To protect bank users and prevent financial losses through phishing attacks, it is important to understand how phishing works as well as the techniques used to achieve it. Moreover, there is a great need to implement an anti-phishing algorithm that collectively checks against phishing linguistic techniques, existence of malicious links and malicious attachments. This can lead to an increase in the performance and accuracy of the designed tool towards detecting and flagging phishing emails, thus preventing them from being read by the target. Evolutionary prototyping methodology was applied during this research. The advantages are in the fact that it enabled continuous analysis and supervised learning of the algorithm development until the desired outcome was achieved. This research aimed at understanding the characteristics of phishing emails, towards achieving defence in depth through creation of an algorithm for detecting and flagging phishing emails. In this research, we have implemented a client-based anti-phishing algorithm. The algorithm is able to analyse phishing links, identify malicious email attachments and perform text classification using a Naïve Bayes classifier to identify phishing terms in a new unread email. It then flags the email as malicious and sends it to the spam folder. Therefore the user only gets clean emails in the inbox folder.
- Open source intelligence gathering for hate speech in Kenya (Strathmore University, 2018) Adhi, Banchale Gufu
  The Internet has been celebrated for its ability to erode barriers between nations. Social media is a powerful medium that can unite, inform, and move people. One post can start a chain of events that changes the world. It gives users fast access to and sharing of information and facilitates ease of communication. However, the Internet allows for a lot of negativity as well. There has been an increase in hate speech activities on social media in the Kenyan cyber space. The National Cohesion and Integration Commission (NCIC) was established to facilitate and promote equality of opportunity, good relations, harmony and peaceful co-existence between persons of the different ethnic and racial communities of Kenya, and to advise the Government on all aspects thereof (Act No. 12, 2008). In particular, the NCIC Act of 2008 is mandated to curb hate speech. This research studied existing hate speech detection tools in use by NCIC, then identified gaps and challenges faced. A technical solution (tool for analyzing hate speech) was proposed that can be implemented by the NCIC and the government to respond to hate-speech cases perpetrated through social media platforms. The developed tool tracked challenges and gaps in the existing tools currently in use by NCIC for hate speech monitoring, detection and analysis. Due to the differences in Application Programming Interface (API) implementation on the variety of social media platforms used in Kenya, the scope of this research is limited to Twitter. This research employed the use of predictive analytics for text classification using Naïve Bayes. A tool that uses the predictive model to assist in the detection of hate speech online was developed to conceptualize the solutions discussed in this research.
- Distributed fuzzing for software vulnerability discovery (Strathmore University, 2018) Maalim, Farhiya Osman
  Information Security is concerned with effectively protecting the confidentiality, integrity and availability of data. Software bugs/defects threaten these three elements of information security. By failing to identify and focus upon the root causes of risks such as software vulnerabilities, there is a danger that the response to Information Security compromises becomes solely reactive. Fuzzing is a software testing technique that is used to discover software vulnerabilities. The project undertaken is a Distributed Fuzzer that runs on multiple computing environments in the cloud. The advantage of distributed fuzzing compared to regular fuzzing is the ability to run multiple test cases concurrently, thus increasing the efficiency of fuzzing. The aim of this project is to improve fuzzing in order to increase the efficiency of discovering vulnerabilities and software defects. This will ultimately increase the security of a software/application. The research study was accomplished by using Ansible as a system orchestration tool to run AFL Fuzzers on multiple computing environments in the cloud. The results were collected and presented in this study.
- Digital content security: video streaming digital rights management system (Strathmore University, 2018) Owenda, Benjamin Odonya
  The usability and applicability of digital videos, especially through the Internet, offers great opportunities for Kenyan content creators to further their careers, as the platform enables them to share ideas, which contributes to knowledge in the field, which in turn generates wealth in the industry as new and efficient ways of creating the content are discovered, making the production and distribution process cost effective. The Internet is however proving to be a double-edged sword, as there have been multiple reports and incidences of copyright infringement within the country. This can be largely attributed to the fact that the platforms available to the average user provide a convenient environment for them to make several copies of the protected media file and distribute them as they wish, which facilitates misuse, piracy and plagiarism. The purpose of this project was to mitigate the unlawful replication and dissemination on an enormous scale of digital videos that are owned by practitioners in the education industry and presented to end users over the Internet. This followed a move by the players in the industry to convert their content into a digital format to meet the demand for online classes. Popular avenues that have been used to acquire copies of the digital streams include the use of standalone file grabbing software such as Internet Download Manager or browser plugins such as DownThemAll. These software implementations are extremely simple to use and allow users to create local copies of the streams through a single click of a button. They therefore present a threat to an entire ecosystem, as content creators are heavily dependent on revenues generated from their material. This study seeks to develop a solution in the form of a Digital Rights Management (DRM) system that can be used to secure video streams and, in the process, preserve their economic value. A DRM system secures and implements the rights associated with the use of digital content by use of a set of access control technologies, which ensures that the videos are consumed as intended, and no illegal duplicates are created. Rapid Application Software Development Methodology was leveraged to accomplish the objectives.
- A Platform for analyzing log files using temporal logic approach: a test case with web server logs (Strathmore University, 2018) Muema, Peris Ndululu
  Web logs are a set of recorded events between clients and web servers. Information provided by these events is valuable to computer system administrators, digital forensic investigators and system security personnel during digital investigations. It is important for these entities to understand when certain system events were initiated and by whom. To achieve this, it is fundamental to gather evidence related to the crime from log files. These forensic procedures however pose a major challenge due to the large sizes of the web log files and the difficulty in understanding them and correlating them to attack patterns associated with digital crimes. The connections of events that are remotely positioned in the large log files require extensive computational manpower. This dissertation proposes the design, implementation and evaluation of a web log analysis system based on temporal logic and reconstruction. The case study will be on web server misuse. Temporal Logic operators represent system changes over time. The reconstruction of records in web server log files as streams will enable the implementation of temporal logic on the streaming data. The web server attack patterns established will be described by a special subset of temporal logic known as MSFOMTL (Many Sorted First Order Metric Temporal Logic). The attack patterns will be written in a special EPL (Event Processing Language) as queries and be parsed through Esper, a Complex Event Processing (CEP) engine. To ensure the proposed system increases the quality of the log analysis process, log analysis will be performed based on a time window mechanism on sorted log files.
- A Collaborative tool to prevent fraudulent usage of financial cards (Strathmore University, 2018) Gitau, Wilson Ndungi
  Technology usage has advanced a great deal in the banking and telecommunication sectors. With continuously improving infrastructure in information technology, new technological dimensions have been opened up to ease processes in these sectors; for example, people do not travel to pass communication or to shop, and in banking people do not necessarily walk in to the banks to facilitate their financial transactions. Despite this advancement there are dire consequences of possible fraud or crime when we lose our banking identity documents and financial cards. Compromised, lost and stolen credit cards, debit cards, SIM cards and identity cards can be used in crimes. The vast adoption of this technology has increased the surface for this kind of crime, thereby causing financial losses and posing a challenge when tracking and preventing fraudulent events of the compromised financial cards. This study proposes and implements a system that prevents fraudulent usage of compromised and lost financial identity items. These items include credit cards, debit cards, and SIM cards. The system will work towards assisting the authorities in investigating crime caused by financial cards. The system provides a blacklist API to the card industry, banking, merchants’ systems and individuals to blacklist lost financial identity cards, an alert interface that reports usage of blacklisted financial cards and a comprehensive reporting tool that helps in investigation of the crime. Agile methodology was adopted as the software methodology for the solution development. A prototype was developed to test the proposed solution. The system was populated with the relevant sample data for evaluation and validation.
- Investigating keystroke dynamics as a two-factor biometric security (Strathmore University, 2018) Njogholo, Brian Mwandau
  Keystroke dynamics is the study of how people can be distinguished based on their typing rhythms. This proposal aims at investigating user authentication approaches and how keystroke dynamics can be used to enhance user authentication and access control. With more users embracing technologies and using applications without necessarily understanding the security repercussions, a further protection mechanism needs to be employed. It emphasizes the need for an additional layer of security, through keystroke dynamics, on top of the traditional username-password combination to enhance security during authentication. It also proposes the use of a machine learning classifier for possible application in keystroke dynamics to verify and validate the legitimacy of a user during authentication.
- Securing a "Bring Your Own Application" cloud environment using digital forensics (Strathmore University, 2018) Litunya, Duncan Oyando Akhonya
  The use of cloud applications introduces new challenges to information systems security. The idea of applications accessible from multiple devices and hosted or provided by third party organizations brings new complications to IT security. In situations where organizations are embracing Bring Your Own Applications (BYOA) and where they allow use of free to public cloud applications within their networks, it is important for IT Security experts to consider how to secure their BYOA environments and also monitor how these applications are used and the flow of information. The aim of this research is to develop a digital forensics based solution for securing a BYOA cloud environment. This solution can be used to improve security in an organisation implementing BYOA. The research focuses on free to public cloud applications, whereby security challenges are identified and security measures proposed. The security measures are enforced through the development of a customized solution. The solution has been developed using the rapid application development (RAD) system development methodology. Using Geany editor and Python programming language, the prototype developed relies on digital forensics artefacts to gather information about the usage of BYOAs. The solution captures digital forensics artefacts and stores them into a database as logs of the activity on the Google Drive application. The solution demonstrates how digital forensics artefacts can be used to enhance security in a BYOA environment.
- Design and implementation of a private certificate authority: a case study of Telkom Kenya limited (Strathmore University, 2018) Moraa, Deborah Rioba
  Public Key Infrastructure (PKI) provides confidentiality and integrity to an enterprise and its customers. Applications accessed through the corporate network need to be protected when in transit, hence the need for a Certificate Authority (CA). Most enterprises currently purchase digital certificates from other Certificate Authorities, for instance Comodo, Symantec, DigiCert, Thawte, GoDaddy, etc. Others purchase through third parties, for instance Cloud Productivity Solutions in Kenya, who then get their digital certificates from GeoTrust. These certificates are used to guarantee secure communication when accessing services on servers within an organization. The main challenge of buying certificates is the high purchase cost of single or Subject Alternative Name (SAN) certificates. By having their own Certificate Authority, digital certificates would cost less and give an enterprise the means to control large numbers of Digital Certificates for SSL, authentication, document signing, S/MIME (Secure/Multipurpose Internet Mail Extensions) and other usages of digital signatures. This implies that costs would be reduced by generation of enterprise-owned digital certificates instead of purchasing them. By understanding the current infrastructure in place, a CA was created for generation, distribution and revocation of SSL certificates. This would replace purchasing of certificates signed by other public Certificate Authorities. This dissertation sought to design, develop and implement a comprehensive CA as per the X.509 standard for the purpose of generation of certificates for internal use for corporates and selling of the same to generate revenue so as to cut on costs incurred on purchase of digital certificates. Also, a proof of concept of a private CA was used to validate the certificate authority, with the security of the Certificate Authority being considered.
- Secure plugin for automated software updates using Public Key Infrastructure for embedded systems (Strathmore University, 2018) Mbuvi, Victor Malombe
  Embedded systems are the driving force for technological development in many domains such as automotive, healthcare, and industrial control in the emerging post-PC era. As more and more computational and networked devices are integrated into all aspects of our lives in a pervasive and invisible way, security becomes critical for the dependability of all smart or intelligent systems built upon these embedded systems. Most embedded device software is not updated after deployment. This is because chip manufacturers and system manufacturers (usually original device manufacturers) do not have any incentive, expertise, or even ability to patch the software once it is shipped. This leaves IoT developers to improvise their own ways of delivering software updates for embedded devices. These techniques do not have security in their design, and hence malicious updates from unauthorised sources may change the software, leading to mass compromise. This research reviewed previous work done using the Public Key Infrastructure in securing software updates in legacy systems and led to the development of a secure software updates plugin for embedded devices. The prototype applies Experimental Research Design and Agile Development Methodology for building an evaluation platform. It provides opportunities to assess the dissertation progress and direction throughout the development lifecycle. This is achieved through iterations, finally coming up with a potentially stable product.
- Access controls on IP based cameras in IoT ecosystem (Strathmore University, 2019) Muya, Mary Wairimu
  Internet of things (IoT) is a concept of connected things that allows embedded devices, sensors and actuators to interconnect and share data, thus bridging the gap between physical devices and virtual objects. The concept of IoT started gaining popularity in 2010, with its popularity impressively outgrowing other concepts up to date. The growth of IoT has seen more than 30% of companies globally initiating the process of deploying IoT. IoT security has been a challenge due to its nascent market, where manufacturers focus much on getting the product to the market rather than building security from the start. Internet Protocol (IP) based cameras are among the most popular IoT devices. Governments, corporations, small businesses and homeowners are using cameras for surveillance among other activities, with their popularity growing due to their ability to collect and transmit data remotely. As cameras are expected to perform sophisticated tasks, it is important to protect the cameras and the data they handle. The focus of this dissertation is to come up with an access control solution for IP based cameras, in efforts to reduce vulnerabilities associated with identity and access management. This dissertation adopted the Rapid Application Development (RAD) methodology to develop the proposed solution. The methodology provided flexibility in changing requirements and testing the prototype at an early stage to continuously improve the system. The Must, Should, Could, Would Not (MoSCoW) method was used to identify and rank requirements in evaluating the gaps that existed in the market; as this dissertation could not address all the vulnerabilities, the method helped in picking the vulnerabilities to be handled first. The tested and validated prototype provides a mechanism to restrict factory set authentication credentials, system access lockouts and sending of alerts in cases of suspicious login attempts. The prototype demonstrates how the integrity of camera feeds can be maintained by using a combination of the InterPlanetary File System (IPFS) and Blockchain. The solution also records and stores system logs in immutable format to support forensic investigations.
- A Web based tool for securing digital evidence (Strathmore University, 2019) Warutumo, Collins Sebastian
  Digital forensics is defined as scientific knowledge and methods applied to the identification, acquisition, preservation, examination, and analysis of information stored or transmitted in binary form in a manner acceptable for application in legal matters. Digital forensics has increased in importance as there has been an increase in the number of cyber cases involving digital forensics; an official cybercrime report predicts the cases will quadruple and will cost $6 trillion by 2021. Preserving the integrity of evidence in digital investigations is important as it helps the courts in delivering fair judgements. The aim of this dissertation is to develop an automated tool that helps investigators to maintain the integrity of digital evidence at the acquisition phase, so that it is used to deliver a fair judgement in a court of law. The tool preserves the integrity of evidence using encryption, hashing and access controls amongst other controls. This ensures that evidence is secure as it has all attributes of security (confidentiality, availability and integrity). There are a variety of available solutions which preserve the integrity of evidence but they are not effective in terms of integrity of evidence. The developed system has addressed the existing gaps. The study uses agile methodology, because it allows for fast implementation of a prototype in a short period of time, hence making it efficient. Agile methodology guided the development of a tool that is accurate, robust and secure. The main components of the system are the evidence collection and reporting modules. The result of the solution is to enhance efficiency in digital investigations by ensuring integrity of evidence. The focus of this research is integrity of evidence. The problem addressed in this research is evidence alteration at the acquisition phase, which interferes with the integrity of data. The tests conducted evaluated the system’s performance, which showed that resource retrieval speed averaged a few seconds, leading to a high-performance rating. The response rate of the system is high; this is shown by the turnaround time of receiving requests from the server. The system’s compatibility tests show it is accessible in many browsers. The system exhibited high accuracy results in terms of preservation of integrity of evidence.
- Employee awareness on social engineering threats in the financial sector (Strathmore University, 2019) Wokabi, Francis Mwangi
  Despite the great gains that have been achieved through use of the Internet, a lot of threats have also emanated in equal measure from its increased usage. Some of the threats are largely associated with cyber-attacks. These include identity theft, phishing, tailgating, shoulder surfing and Google hacking, among others. Generally, most of these attacks would typically begin with the very basic stage or phase known as social engineering. Financial institutions are at high risk today as attackers use various forms of attacks to social engineer the employees that work in the financial sector. The use of trickery and deception by cyber criminals to gain the trust of employees has made them the most vulnerable element of a computer system. The aim of this study was to identify the various forms of social engineering attacks in the financial sector and to develop a web-based assessment tool that will enable financial institutions to enhance the preparedness of their employees by assessing their awareness levels with respect to social engineering threats. The tool was used to achieve this by administering assessment tests to employees, and the results from the assessment tests were used to determine training requirements for the employees. The proposed tool was developed using the Rapid Application Development (RAD) approach or methodology through a series of continuous testing and integration phases to ensure that the final product met the specified requirements. The results from the testing phases of the development revealed that the system is robust enough to handle requests from more than 80 users and its performance is not degraded even as the number of users increases. The system has an accuracy rate of 100% when it comes to scoring questions. In addition to this, the tests showed that the system has an overall average response time of between one and five minutes when responding to user requests.
- Item: Developing an automated malware detection, analysis and reporting tool for MS-Windows (Strathmore University, 2019) Mutyethau, David Matingi. Memory and computer forensics is a field that has witnessed a lot of advancements in the recent past. Memory forensics enables investigators to acquire and investigate the content of a computer’s RAM, while computer forensics enables the investigator to acquire information from the hard drive. While valuable artifacts can be extracted from computers, the use of this technique presents several challenges, such as data acquisition, searching for artifacts and data analysis of extracted information. The variants of malware families share typical behavioral patterns reflecting their origin and purpose. The behavioral patterns obtained either statically or dynamically can be exploited to detect and classify unknown malware into their known families using machine learning techniques. This dissertation aims to create a malware detection, analysis and reporting tool that shall be open source, user friendly, intuitive and automated for MS Windows. The tool shall assist forensic investigators in discovering crucial information in the suspect computer, such as malware present. The tool shall analyse content stored in the computer’s hard drive and captured memory images. This shall include analysis of single files, folders, hard disk partitions and the entire hard disk. For live memory, the tool shall aim to determine processes and files that were open or present at the time of live analysis.
- Item: Mitigating security implications of bringing your own device in an enterprise environment (Strathmore University, 2019) Gono, Alfred Regerai. The rapid growth in the bring your own device (BYOD) phenomenon has resulted in the introduction of personal mobile devices in the Enterprise environment. The benefit derived from embracing BYOD in organisations is enhanced mobility of employees and the reduced equipment cost to Enterprises. Effective BYOD management is required to protect company data as diverse mobile devices are finding their way into the enterprise. Available mobile device statistics revealed that 52% of these devices are either lost or stolen worldwide; this becomes a major security concern amid risk of exposure of sensitive and important corporate data. The highlighted risks to the enterprises require a solution to safeguard, reduce and attempt to mitigate security breaches. This research seeks to answer the following questions: how is intrusion detection leading to an increase in cybercrime, and, taking a rational look at the security challenges for BYOD, how secure is BYOD? The rapid application development (RAD) methodology was applied in this research to prototype a scanning and detection technique to prevent or mitigate threats from BYOD to the enterprise environment. The developed application is a scanner and firewall that will be able to scan, monitor and mitigate malicious attacks on BYOD and present results of scanned devices, ports and blocked devices with a 95% accuracy.