MSc.ISS Theses and Dissertations (2019)
Browsing MSc.ISS Theses and Dissertations (2019) by Subject "Digital Forensics"
- Developing an automated malware detection, analysis and reporting tool for MS-Windows (Strathmore University, 2019) Mutyethau, David Matingi
  Memory and computer forensics is a field that has witnessed a lot of advancements in the recent past. Memory forensics enables investigators to acquire and investigate the content of a computer’s RAM, while computer forensics enables the investigator to acquire information from the hard drive. While valuable artifacts can be extracted from computers, the use of this technique presents several challenges, such as data acquisition, searching for artifacts and data analysis of extracted information. The variants of malware families share typical behavioral patterns reflecting their origin and purpose. The behavioral patterns obtained either statically or dynamically can be exploited to detect and classify unknown malware into their known families using machine learning techniques. This dissertation aims to create a malware detection, analysis and reporting tool that shall be open source, user friendly, intuitive and automated for MS Windows. The tool shall assist forensic investigators in discovering crucial information in the suspect computer, such as malware present. The tool shall analyse content stored in the computer’s hard drive and captured memory images. This shall include analysis of single files, folders, hard disk partitions and the entire hard disk. For live memory, the tool shall aim to determine processes and files that were open or present at the time of live analysis.
- A Web based tool for securing digital evidence (Strathmore University, 2019) Warutumo, Collins Sebastian
  Digital forensics is defined as scientific knowledge and methods applied to the identification, acquisition, preservation, examination, and analysis of information stored or transmitted in binary form in a manner acceptable for application in legal matters. Digital forensics has grown in importance as the number of cyber cases involving digital forensics has increased; the official cybercrime report predicts that the cases will quadruple and will cost $6 trillion by 2021. Preserving the integrity of evidence in digital investigations is important as it helps the courts in delivering fair judgements. The aim of this dissertation is to develop an automated tool that helps investigators to maintain the integrity of digital evidence at the acquisition phase, so that it can be used to deliver a fair judgement in a court of law. The tool preserves the integrity of evidence using encryption, hashing and access controls, amongst other controls. This ensures that evidence is secure as it has all attributes of security (confidentiality, availability and integrity). There are a variety of available solutions which preserve the integrity of evidence, but they are not effective in terms of integrity of evidence. The developed system has addressed the existing gaps. The study uses agile methodology because it allows for fast implementation of a prototype in a short period of time, making it efficient. Agile methodology guided the development of a tool that is accurate, robust and secure. The main components of the system are the evidence collection and reporting modules. The result of the solution is to enhance efficiency in digital investigations by ensuring integrity of evidence. The focus of this research is integrity of evidence.
  The problem addressed in this research is evidence alteration at the acquisition phase, which interferes with the integrity of data. The tests conducted evaluated the system’s performance, which showed that resource retrieval speed averaged a few seconds, leading to a high-performance rating. The response rate of the system is high, as shown by the turnaround time of receiving requests from the server. The system’s compatibility tests show it is accessible in many browsers. The system exhibited high accuracy results in terms of preservation of integrity of evidence.