Avinash Singh scite author profile

Avinash Singh

5Publications

38Citation Statements Received

58Citation Statements Given

How they've been cited

How they cite others

Affiliations

University of Pretoria

Publications

Order By: Most citations

Secure Storage Model for Digital Forensic Readiness

2022

View full text Add to dashboard Cite

Securing digital evidence is a key factor that contributes to evidence admissibility during digital forensic investigations, particularly in establishing the chain of custody of digital evidence. However, not enough is done to ensure that the environment and access to the evidence are secure. Attackers can go to extreme lengths to cover up their tracks, which is a serious concern to digital forensics particularly digital forensic readiness. If an attacker gains access to the location where evidence is stored, they could easily alter the evidence (if not remove it altogether). Even though integrity checks can be performed to ensure that the evidence is sound, the collected evidence may contain sensitive information that an attacker can easily use for other forms of attack. To this end, this paper proposes a model for securely storing digital evidence captured pre-and post-incident to achieve reactive forensics. Various components were considered, such as integrity checks, environment sandboxing, strong encryption, twofactor authentication, as well as unique random file naming. A proof-of-concept tool was developed to realize this model and to prove its validity. A series of tests were conducted to check for system security, performance, and requirements validation, Overall, the results obtained showed that, with minimal effort, securing forensic artefacts is a relatively inexpensive and reliable feat. This paper aims to standardize evidence storage, practice high security standards, as well as remove the need to create new systems that achieve the same purpose.

show abstract

Digital Forensic Readiness Framework for Ransomware Investigation

Singh¹,

Ikuesan²,

Venter³

2018

View full text Add to dashboard Cite

Over the years there has been a significant increase in the exploitation of the security vulnerabilities of Windows operating systems, the most severe threat being malicious software (malware). Ransomware, a variant of malware which encrypts files and retains the decryption key for ransom, has recently proven to become a global digital epidemic. The current method of mitigation and propagation of malware and its variants, such as anti-viruses, have proven ineffective against most Ransomware attacks. Theoretically, Ransomware retains footprints of the attack process in the Windows Registry and the volatile memory of the infected machine. Digital Forensic Readiness (DFR) processes provide mechanisms for the pro-active collection of digital footprints. This study proposed the integration of DFR mechanisms as a process to mitigate Ransomware attacks. A detailed process model of the proposed DFR mechanism was evaluated in compliance with the ISO/IEC 27043 standard. The evaluation revealed that the proposed mechanism has the potential to harness system information prior to, and during a Ransomware attack. This information can then be used to potentially decrypt the encrypted machine. The implementation of the proposed mechanism can potentially be a major breakthrough in mitigating this global digital endemic that has plagued various organizations. Furthermore, the implementation of the DFR mechanism implies that useful decryption processes can be performed to prevent ransom payment.

show abstract

Ransomware Detection using Process Memory

Singh

Ikuesan

Venter

2022

iccws

View full text Add to dashboard Cite

Ransomware attacks have increased significantly in recent years, causing great destruction and damage to critical systems and business operations. Attackers are unfailingly finding innovative ways to bypass detection mechanisms, which encouraged the adoption of artificial intelligence. However, most research summarizes the general features of AI and induces many false positives, as the behavior of ransomware constantly differs to bypass detection. Focusing on the key indicating features of ransomware becomes vital as this guides the investigator to the inner workings and main function of ransomware itself. By utilizing access privileges in process memory, the main function of the ransomware can be detected more easily and accurately. Furthermore, new signatures and fingerprints of ransomware families can be identified to classify novel ransomware attacks correctly. The current research used the process memory access privileges of the different memory regions of the behavior of an executable to quickly determine its intent before serious harm can occur. To achieve this aim, several well-known machine learning algorithms were explored with an accuracy range of 81.38% – 96.28%. The study thus confirms the feasibility of utilizing process memory as a detection mechanism for ransomware.

show abstract

Windows registry harnesser for incident response and digital forensic analysis

Singh

Venter

Ikuesan

2018

Australian Journal of Forensic Sciences

View full text Add to dashboard Cite

Protection of Data Stored in Transparent Database System using Encryption

Maurya¹,

Singh²,

Dubey³

et al. 2019

JCMS

View full text Add to dashboard Cite

In transparent database data are stored at different severs which is easily visible and accessible to every user. End users usually access information through applications that intermediate between the user and the database. These applications provide interface to access the database system i.e. transparent to end users. This is expected and even logical aspect of the nature of most database management systems (DBMS). There is always possibility of data loss and data theft by an unauthorized user. Now-a-days research on Distributed database management system (DDBMS) found to best match to handling the transparent type database storage and processing rules via communication links. In this paper, we have introduced a method of encrypting the transparent database files and data. The prime purpose here is to prevent an unauthorized access to the data by restoring the files from another server. These physical files include the database file (.mdf), the transaction log file (.ldf) and the backup files (.bak).

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Avinash Singh

Secure Storage Model for Digital Forensic Readiness

Digital Forensic Readiness Framework for Ransomware Investigation

Ransomware Detection using Process Memory

Windows registry harnesser for incident response and digital forensic analysis

Protection of Data Stored in Transparent Database System using Encryption

Contact Info

Product

Resources

About