Open access repository

In 2014, we launched our open-access repository, which offers full-text access to conference proceedings from many of our events, including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).

4th International Annual Workshop on Digital Forensics & Incident Analysis (WDFIA 2009)

Athens, Greece, June 25-26, 2009
ISBN: 978-1-84102-230-7

Title: Detecting Data Leakage from Pod Slurping Based Attacks on a Windows XP Platform
Author(s): Theodoros Kavallaris, Vasilios Katos
Reference: pp1-8
Keywords: USB forensics, data transfer rate
Abstract: Time is recognised to be a dimension of paramount importance in computer forensics. In this paper, we report on the potential of identifying past pod slurping type of attacks by constructing a synthetic metric based on information contained in filesystem timestamps. More specifically, by inferring the transfer rate of a file from last access timestamps and correlating that to the characteristic transfer rate capabilities of a suspicious USB found in the Windows registry, one could assess the probability of having suffered an unauthorised copy of files. Preliminary findings indicate that file transfer rates can be associated with the make and model of the USB storage device and give supporting information to the forensic analyst to identify file leakages.
Download count: 1653

How to get this paper:

Download a free PDF copy of this paper
Buy this book at Lulu.com

A PDF copy of this paper is free to download. You may distribute this copy provided you cite this page as the source.