127 results for forensics
Abstract:
SQL injection is a common attack method used to leverage information out of a database or to compromise a company’s network. This paper investigates four injection attacks that can be conducted against the PL/SQL engine of Oracle databases, comparing two recent releases (10g, 11g) of Oracle. The results of the experiments showed that both releases of Oracle were vulnerable to injection but that the injection technique often differed in the packages that it could be conducted in.
Abstract:
Intrusion Detection Systems (IDSs) provide an important layer of security for computer systems and networks, and are becoming more and more necessary as reliance on Internet services increases and systems with sensitive data are more commonly open to Internet access. An IDS’s responsibility is to detect suspicious or unacceptable system and network activity and to alert a systems administrator to this activity. The majority of IDSs use a set of signatures that define what suspicious traffic is, and Snort is one popular and actively developing open-source IDS that uses such a set of signatures known as Snort rules. Our aim is to identify a way in which Snort could be developed further by generalising rules to identify novel attacks. In particular, we attempted to relax and vary the conditions and parameters of current Snort rules, using a similar approach to classic rule learning operators such as generalisation and specialisation. We demonstrate the effectiveness of our approach through experiments with standard datasets and show that we are able to detect previously undetected variants of various attacks. We conclude by discussing the general effectiveness and appropriateness of generalisation in Snort based IDS rule processing. Keywords: anomaly detection, intrusion detection, Snort, Snort rules
Abstract:
This work addresses the question of preparatory acts at the crime scene, that is, the precautionary and police measures that the first police responder arriving at the scene must apply. The steps taken by the first officer who takes charge of an occurrence and who, normally, is not a specialist in Criminal Investigation or forensics prove to be highly important for the success of the investigation, since they have repercussions throughout the entire investigation. This approach is characterised by not aiming at an investigative and inspective intervention, but rather at the prevention and protection of the scene. The general objective of the work is to contribute to a more determined exploration of the place where a crime was committed, through the best possible performance of the first police responder. The specific objectives are to define the procedures to be taken by the first responder (taking into account their speciality, materials and the particularities of the investigation phase) and to define what, for them, constitutes a scene crime, identifying the possible repercussions of poor crime scene management for the success of the investigation. We use the comparative method, studying the different procedure manuals (national and international). The frame of reference is historical materialism, since we emphasise the historical dimension of social processes, the legislation in force and current problems in order to interpret our study. This work takes on exploratory-explanatory contours. We follow a deductive method, since the aim is to arrive at a particular case of the general law, that is, the specific procedures of the first police responder within the overall management of the crime scene. The most significant results are the justification of the importance of the crime scene for Criminal Investigation and of the complexity that may arise for the work of the first responder.
It is possible to conclude a standard set of actions to be taken (a practical guide) and how the intervention can be improved through training and cooperation among the personnel.
Abstract:
String searching within a large corpus of data is an important component of digital forensic (DF) analysis techniques such as file carving. The continuing increase in capacity of consumer storage devices requires corresponding improvements to the performance of string searching techniques. As string searching is a trivially-parallelisable problem, GPGPU approaches are a natural fit, but previous studies have found that local storage presents an insurmountable performance bottleneck. We show that this need not be the case with modern hardware, and demonstrate substantial performance improvements from the use of single and multiple GPUs when searching for strings within a typical forensic disk image.
Abstract:
Describes the position claiming that the contemporary technological, sociopolitical, and socioeconomic environment gives us pause to consider the core theory and practices of bibliography, combining bibliography of the work (in library and information science), bibliography of the text (in textual studies and scholarly editing), and bibliography of the artifact (in book history and now digital forensics), and calls for collaborative multidisciplinary research at the intersection of these fields to ask: is there a new bibliography?
Abstract:
In this Ph.D. project, original and innovative approaches for the quali-quantitative analysis of substances of abuse, as well as therapeutic agents with abuse potential and related compounds, were designed, developed and validated for application to different fields such as forensics, clinical and pharmaceutical analysis. All the parameters involved in the developed analytical workflows were properly and accurately optimised, from sample collection to sample pretreatment up to the instrumental analysis. Advanced dried blood microsampling technologies have been developed, able to bring several advantages to the method as a whole, such as a significant reduction in solvent use, feasible storage and transportation conditions and enhanced analyte stability. At the same time, the use of capillary blood increases subject compliance and overall method applicability by exploiting such innovative technologies. Both biological and non-biological samples involved in this project were subjected to optimised pretreatment techniques developed ad hoc for each target analyte, also making use of advanced microextraction techniques. Finally, original and advanced instrumental analytical methods have been developed based on high and ultra-high performance liquid chromatography (HPLC, UHPLC) coupled to different detection means (mainly mass spectrometry, but also electrochemical and spectrophotometric detection for screening purposes), and on attenuated total reflectance Fourier transform infrared spectroscopy (ATR-FTIR) for solid-state analysis. Each method has been designed to obtain highly selective, sensitive yet sustainable systems and has been validated according to international guidelines. All the methods developed herein proved to be suitable for the analysis of the compounds under investigation and may be useful tools in medicinal chemistry, pharmaceutical analysis, clinical studies and forensic investigations.