Forensic Studies Volatility


Submitted By limweifei92
1. List the processes that were running on the victim’s machine. Which process was most likely responsible for the initial exploit?

Figure 1: Identifying the memory image profile
As shown in Figure 1, running "vol imageinfo -f /root/Desktop/BF.vmem" against the memory image returns the suggested profiles WinXPSP2x86 and WinXPSP3x86, which tells us the victim was running 32-bit Windows XP. One of these profiles is then passed to every later plugin with --profile=. Both candidates should be tried: the correct one is the one under which the later plugins (pslist, connections) return clean, complete output.
Figure 2: Result of pslist
The pslist plugin enumerates the processes that were running on the victim's machine. The scenario states that the user was emailed a link to a suspicious PDF by a co-worker and that the trouble began after the PDF was opened. Consistent with this, Figure 2 shows AcroRd32.exe (Adobe Reader) with PID 1752, which is the process most likely responsible for the initial exploit. Its parent PID (PPID) is 888, which belongs to firefox.exe, so the PDF was opened from the browser after the link was clicked. The parent relationship can be confirmed with the pstree plugin, which renders the same data as a tree.

2. List the sockets that were open on the victim’s machine during infection. Are there any suspicious processes that have sockets open?

Figure 3: Result of the sockets plugin
Figure 3 lists the sockets that were open on the victim's machine during the exploitation, as reported by the sockets plugin. On this Windows XP image the sockets and connections plugins are the right choice; netscan replaces them for Vista and later.

Figure 4: Result of the connections plugin
Figure 4 lists the TCP connections found on the victim's machine. The most suspicious connections to external hosts belong to AcroRd32.exe (PID 1752) and svchost.exe (PID 880). They caught our attention because neither a PDF reader nor this svchost.exe instance would be expected to initiate outbound HTTP connections to external hosts. svchost.exe does legitimately host services that use HTTP (Windows Update, for example), so the destination address and the process's parent and image path should be checked before treating it as malicious.

Figure 5: IP address information
Finding these connections suspicious, we investigated the remote IP addresses further. According to the lookup we performed, 193.104.22.71 is hosted in Iran and 212.150.164.203 is hosted in Israel. Cross-referencing the connection list above, the only process connected to the Iranian host is PID 880 (svchost.exe), while the two processes connected to the Israeli host are…
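To make the correlation above repeatable, the following Python script is an added example and is not part of the original write-up. It parses Volatility 2 pslist and connections text output, flags every process holding a connection to a non-private remote address, and reports each flagged process's parent chain so the launch path (AcroRd32.exe under firefox.exe) is visible at a glance. The sample listings embedded in it are constructed: only PIDs 1752, 888 and 880, the process names attached to them and the two remote IP addresses come from the write-up; all other rows, offsets, timestamps and parent PIDs (for instance firefox.exe under explorer.exe) are assumptions for illustration.

```python
"""Triage helper: correlate Volatility 2 `pslist` and `connections` output.

Builds a PID -> (name, PPID) map from pslist, keeps only connections whose
remote end lies outside private address space, and walks the PPID chain of
every process that owns such a connection.
"""
import ipaddress
import re

# CONSTRUCTED sample output in Volatility 2 pslist/connections format.
# Only PIDs 1752/888/880, their process names and the two remote IPs come
# from the write-up; offsets, timestamps, other rows and other parent PIDs
# are made up for illustration.
PSLIST_OUTPUT = """\
Offset(V)  Name                    PID   PPID   Thds     Hnds   Sess  Wow64 Start                          Exit
---------- -------------------- ------ ------ ------ -------- ------ ------ ------------------------------ ------------------------------
0x823c89c8 System                    4      0     58      379 ------      0
0x822f1020 smss.exe                368      4      3       19 ------      0 2010-10-29 17:08:53 UTC+0000
0x81e9a880 winlogon.exe            608    368     23      519      0      0 2010-10-29 17:08:54 UTC+0000
0x81e99a28 services.exe            672    608     16      261      0      0 2010-10-29 17:08:54 UTC+0000
0x81e8a020 svchost.exe             880    672     20      198      0      0 2010-10-29 17:08:55 UTC+0000
0x81ec6c08 explorer.exe           1588   1540     15      388      0      0 2010-10-29 17:09:10 UTC+0000
0x81dd3020 firefox.exe             888   1588     10      220      0      0 2010-10-29 17:12:01 UTC+0000
0x81e2d640 AcroRd32.exe           1752    888      8      160      0      0 2010-10-29 17:13:44 UTC+0000
"""

CONNECTIONS_OUTPUT = """\
Offset(V)  Local Address             Remote Address            Pid
---------- ------------------------- ------------------------- ---
0x81e87620 192.168.128.128:1038      212.150.164.203:80        1752
0x81e74a08 192.168.128.128:1040      193.104.22.71:80          880
0x81f01230 192.168.128.128:1041      192.168.128.1:445         4
"""

# Data rows start with the virtual offset; header and separator rows do not.
PSLIST_ROW = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)\s+(\d+)\s+(\d+)\s")
CONN_ROW = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\d+)\s*$")


def parse_pslist(text):
    """Return {pid: (name, ppid)} from pslist text output."""
    procs = {}
    for line in text.splitlines():
        m = PSLIST_ROW.match(line)
        if m:
            procs[int(m.group(2))] = (m.group(1), int(m.group(3)))
    return procs


def parse_connections(text):
    """Return a list of (pid, local_ip, local_port, remote_ip, remote_port)."""
    conns = []
    for line in text.splitlines():
        m = CONN_ROW.match(line)
        if m:
            conns.append((int(m.group(5)), m.group(1), int(m.group(2)),
                          m.group(3), int(m.group(4))))
    return conns


def is_external(addr):
    """True for routable remote addresses; unparsable ones are kept for review."""
    try:
        return not ipaddress.ip_address(addr).is_private
    except ValueError:
        return True


def parent_chain(procs, pid):
    """Walk PPIDs upward from pid; stops at an unknown parent or a cycle."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        name, ppid = procs[pid]
        chain.append(f"{name}({pid})")
        pid = ppid
    return chain


def triage(pslist_text, conn_text):
    """Map each PID with an external connection to its name, remotes and chain."""
    procs = parse_pslist(pslist_text)
    findings = {}
    for pid, _lip, _lport, rip, rport in parse_connections(conn_text):
        if not is_external(rip):
            continue
        entry = findings.setdefault(pid, {
            "name": procs.get(pid, ("<unknown>", None))[0],
            "remotes": [],
            "chain": parent_chain(procs, pid),
        })
        entry["remotes"].append(f"{rip}:{rport}")
    return findings


if __name__ == "__main__":
    for pid, f in triage(PSLIST_OUTPUT, CONNECTIONS_OUTPUT).items():
        print(f"PID {pid} {f['name']}: remotes={f['remotes']}")
        print("  launch chain: " + " <- ".join(f["chain"]))
```

Run it with the real plugin output captured to files (vol.py --profile=WinXPSP3x86 -f BF.vmem pslist > pslist.txt, likewise for connections) by reading those files into the two variables; the regexes only rely on the offset column prefix, so they are insensitive to column widths.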
