H. Venter | University of Pretoria
Papers by H. Venter
South African Institute of Computer Scientists and Information Technologists, Jul 20, 2005
When conducting a computer-based assessment, several infringements of assessment regulations could arise. Examples are illegal communication (e.g. by email, web, cell phone), hiding of computer objects with the aim of accessing or utilizing it, impersonation of another learner and presenting the project of another learner. If infringement is suspected, a computer forensic investigation should be launched. Almost no academic institution has a computer forensic department that can assist with a computer forensic investigation and therefore the responsibility rests upon the lecturer. The purpose of this project is to apply forensic principles to a computer-based assessment environment in order to facilitate the identification and prosecution of any party that contravenes assessment regulations. The aim of the current paper is to consider the nature of a forensic ready computer-based assessment environment in more detail. This nature is derived from established computer forensic princip...
2015 International Conference on Computing, Communication and Security (ICCCS), 2015
With the advent of cloud computing systems it has become possible to provision large scale systems in a short time with little effort. The systems underpinning these cloud systems have to deal with massive amounts of data in order to function. Should an incident occur that requires some form of forensic investigation it can be very challenging for an investigator to conduct the investigation. This is due, in large part, to the volatility of data in cloud systems. In this paper, a model architecture is proposed to enable proactive forensics of cloud computing systems. Using a reference architecture for cloud systems, an add-on system is created to enable the capture and storage of forensic data. The captured data is then available to the investigator should the need for an investigation arise. This must be achieved with minimal alteration or interruption of existing cloud systems. The system is described and a theoretical architectural model is given. An evaluation discusses the possible advantages and disadvantages of such a system and how it can be implemented as a proof of concept. It also relates the proposed model to the ISO 27043 standard of forensic investigations.
Computers & Security, 2002
This category involves vulnerabilities concerned with retrieving information of user accounts from a specific system [SMK2 01]. As soon as an intruder has retrieved a list of the user names registered on a specific system, it is often only a matter of time before he/she obtains the password by using a password-cracking program, for example L0pht Crack [LOPH 01]. After all, the user names have to be obtained before any attempt can be made to crack passwords.
A legion of vulnerabilities are potentially compromising the security status of IT industries' infrastructures today. Current state-of-the-art intrusion detection systems (IDSs) can potentially identify some of the vulnerabilities. Each IDS defines its own and unique list of vulnerabilities, making it cumbersome for organisations to assess the completeness and reliability of vulnerability scans. This furthermore complicates the matter of determining the degree to which a specific IDS complies with the security requirements of a specific organisation. This paper presents an approach to harmonise different sets of vulnerabilities as currently used by state-of-the-art IDS tools.
South African Institute of Computer Scientists and Information Technologists, Oct 4, 2004
As the transmission of data over the internet increases, the need to protect connected systems also increases. Intrusion Detection Systems (IDSs) are the latest technology used for this purpose. Although the field of IDSs is still developing, the systems that do exist are still not complete, in the sense that they are not able to detect all types of intrusions. Some attacks which are detected by various tools available today cannot be detected by other products, depending on the types and methods that they are built on. Using a Genetic Algorithm (GA) is one of the methods that IDSs use to detect intrusions. They incorporate the concept of Darwin's theory and natural selection to detect intrusions. Not much research has been conducted in this area besides the Genetic Algorithm as an Alternative Tool for Security Audit Trails Analysis (GASSATA) tool; there are very few IDSs that are completely developed from using GAs. The focus of this paper is to introduce the application of GA, in order to improve the effectiveness of IDSs.
Innovations in Smart Cities Applications Volume 5, 2022
Southern Africa Telecommunication Networks and Applications Conference (SATNAC) 2017, 3-10 September 2017, Freedom of the Seas Cruise
WIREs Forensic Science, 2020
Suid-Afrikaanse Tydskrif vir Natuurwetenskap en Tegnologie, 2016
Computers & Security, 1998
The Internet constitutes a means of communication in terms of which millions of messages and huge chunks of data are electronically sent millions of miles across the globe each day thanks to the Transmission Control Protocol/Internet Protocol (TCP/IP). One of the functions of the TCP/IP is to break up each of these messages into smaller entities of equal length. Such
2016 24th Telecommunications Forum (TELFOR), 2016
In order for digital evidence from a digital forensic investigation to be admissible, one needs to follow a formalised and ideally standardised process. The authors' previous research and initiative within ISO resulted in a new international standard ISO/IEC 27043:2015, titled “Information technology — Security techniques — Incident investigation principles and processes” as published in March 2015. The standard governs the digital forensic investigation process and covers it from a wide angle, while harmonising existing process models in this field. In this paper, the authors give an analysis of both the standard itself and of related standards so as to enable the reader to understand the ecosystem of standards relating to the digital forensic investigation process and role of ISO/IEC 27043:2015.
2019 IEEE Conference on Application, Information and Network Security (AINS), 2019
2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies (ICIoT), 2020
The relationship between negative and positive connotations with regard to malware in the cloud is rarely investigated according to the prevailing literature. However, there is a significant relationship between the use of positive and negative connotations. A clear distinction between the two emanates when we use the originally considered malicious code, for positive connotation like in the case of capturing keystrokes in a proactive forensic purpose. This is done during the collection of digital evidence for Digital Forensic Readiness (DFR) purposes, in preparation of a Digital Forensic Investigation (DFI) process. The paper explores the problem of having to use the keystrokes for positive reasons as a piece of potential evidence through extraction and digitally preserving it as highlighted in ISO/IEC 27037:2012 (security approaches) and ISO/IEC 27043:2015 (legal connotations). In this paper, therefore, the authors present a technique of how DFR can be achieved through the collection of digital information from the originally considered malicious code. This is achieved without modifying the cloud operations or the infrastructure thereof, while preserving the integrity of digital information and possibly maintaining the chain of custody at the same time. The paper proposes that the threshold of malicious code intrusion in the cloud can be transformed to an efficacious process of DFR through logical acquisition and digitally preserving keystrokes. The experiment-tested keystrokes have shown a significant approach that could achieve proactive forensics.
Forensic Science International: Reports, 2020
A potential security incident may go unsolved if standardized forensic approaches are not applied during lawful investigations. This paper highlights the importance of mapping the digital forensic application requirement specification to an international standard, precisely ISO/IEC 27043. The outcome of this work is projected to contribute to the problem of secure DF tool creation, and in the process address Software Requirements Specification (SRS) as a process of digital evidence admissibility.
Forensic Science International: Synergy, 2019