Below, you will find sample capstone papers completed for the M.S. in Cybersecurity and Economic Crime Management programs. To view all theses, capstones, and dissertations completed across Utica College, follow these directions.
M.S. Cybersecurity – Intelligence and Forensics Dissertations
In an effort to promulgate Utica College’s graduate students’ capstone projects in the M.S. degree in Cybersecurity – Intelligence and Forensics, the Economic Crime Institute publishes dissertations chosen by faculty. The objective is to provide resources to individuals seeking information on topics such as cyberespionage, data breaches, digital investigations, cybercrime trends, cyberterrorism, honeypots, cloud security, doxing, mobile apps, unmanned aircraft systems, and other topics.
The Internet, A Secret Minefield For Children
By David Plude
Numerous changes in technology since the year 2000 have increased the availability of the Internet, increased the amount of Internet activity among children, and expanded the age range of Internet users. Children are in danger while in their own homes like never before. Dangers such as cyberbullying, sexting, identity theft, and terrorist radicalization are hidden dangers in a virtual minefield. Children are also at risk of damaging their online reputation that will prove to be costly in the future, if they do not learn how to avoid these dangers. The purpose of this research was to evaluate the Internet safety education for children in Virginia schools to determine if they are adequately preparing children for the online world. What minefields await children when they go online? What are Virginia schools doing now to educate children about the dangers and the proper usage of the Internet? What challenges may prevent teachers and schools from delivering a comprehensive Internet safety education program? While schools must comply with the Children’s Internet Protection Act (CIPA) in order to receive e-funds for Internet access, merely preventing access while on school grounds is not enough. Congress passed the Protecting Children in the 21st Century Act in 2008, identifying public schools as the educator of children to prepare them for Internet life. The act requires public schools to educate their students about cyberbullying, online safety, and sexual predators. Much of how the school system complies with this act remains up to the individual school district; therefore, they may not be giving this the proper attention. Schools have an obligation to provide safety education to students.
The Implications of the Abandoned Property Doctrine of the Fourth Amendment on Data Deleted from the Cloud
By William Pizio
Under current law, cloud data enjoys a lesser expectation of privacy compared to locally stored data and deleted cloud data may enjoy no Constitutional protections at all. While law enforcement access to locally stored data requires a search warrant, cloud data can require as little as a court order or subpoena to gain access, and there is little legislative or judicial guidance as to the protections afforded to deleted cloud data. With the Electronic Communications Privacy Act of 1986 in need of updating and the rise in emerging technology issues in criminal appellate cases, a better understanding of the role of deleted cloud data as evidence in criminal prosecutions is necessary. Using the Katz reasonable expectation of privacy test and the abandoned property doctrine, this research concluded that deleted cloud data should enjoy the full protections of the Fourth Amendment. By separating cloud data from the third party doctrine and by differentiating between disposal and permanent deletion, users who choose to make their data permanently inaccessible exemplify the intent to keep the data private, thereby maintaining their Fourth Amendment protections.
North Korean Strategic Strategy: Combining Conventional Warfare With The Asymmetrical Effects of Cyber Warfare
By Jennifer J. Erlendson
Emerging technologies play a huge role in security imbalances between nation states. Therefore, combining the asymmetrical effects of cyberattacks with conventional warfare can be a force multiplier; targeting critical infrastructure, public services, and communication systems. Cyber warfare is a relatively inexpensive capability which can even the playing field between nations. Because of the difficulty of assessing attribution, it provides plausible deniability for the attacker. Kim Jong Il (KJI) studied the 2003 Gulf War operational successes of the United States (U.S.) and the United Kingdom (U.K.), noting the importance of high-tech weapons and information superiority. KJI realized the only way to compete with the U.S.’ technology and information superiority was through asymmetric warfare. During the years that followed, the U.S. continued to strengthen its conventional warfare capabilities and expand its technological dominance, while North Korea (NK) sought an asymmetrical advantage. KJI identified the U.S.’ reliance on information technology as a weakness and determined it could be countered through cyber warfare. Since that time, there have been reports indicating a NK cyber force of 300-3000 soldiers; some of whom may be operating out of China. Very little is known about their education, training, or sophistication; however, the Republic of Korea (ROK) has accused NK of carrying out cyber-attacks against the ROK and the U.S. since 2004. Although NK is the likely culprit in the attacks, there is no forensic evidence to definitively identify NK as the attacker.
The Development of Cybersecurity Curriculum in Advanced Telecommunication Forensics
By Daniel Kalil and Richard Gloo
A course in Telecommunications Forensics was created to fill an existing void within the Utica College Cybersecurity curriculum. The course existed as a concept, but had yet to be developed until this work was accomplished. The developed course focuses on the unique investigative techniques required to examine network communications and synthesize context as it pertains to traditional host and device digital forensics. By giving the student the insight, techniques, and tools required to focus solely on network communications, many common questions can be answered throughout a digital forensics investigation.
To achieve the development of Advanced Telecommunication Forensics, industry trends and needs were examined, cases involving network communications were reviewed, and similar educational programs were considered. The work accomplished in this capstone has resulted in the production of course materials, including a course outline, syllabus, weekly assignments, and hands-on-labs. All of this work was consequently loaded into the web based Angel course management interface, allowing the course to be offered as soon as desired by the Utica College Cybersecurity graduate program director and faculty.
Mitigating the Effects Of Doxing
By Ingrid Norris
Hacktivists create dossiers on any entity that is perceived to be an obstacle to their social or political agenda. This includes individuals, public and private entities, law enforcement agencies, military personnel, government officers, and other entities. Dossiers are created from the content found in social media networks, Google searches, private, public, government, and military websites, reverse IP lookup, social engineering, hacking, phishing, and other sources. Once information is found, online activists publicize the information via Pastebin, social media networks, other websites, and other forums. This is called doxing, a term derived from documents. The goal of doxing is to threaten, embarrass, harass, and humiliate the individual or organization to further the hacktivists’ agenda.
The purpose of this capstone project is to call to attention the problems that arise as a consequence of hacktivists doxing individuals and other entities. The ramifications of doxing are critical to an individual’s and other entity’s safety because the information disseminated exposes the individual or organization to be a victim of identity theft, hacking, financial crimes, and other crimes. To mitigate the effects of doxing, individuals and organizations need to take an active role by being conscientious of the information disseminated via social media networks, over the phone, emails, texting, and other means. Organizations need to actively defend their infrastructure by implementing defense in depth best practices to protect the organization’s information and information systems. Following the “protect, detect, and react” model, organizations achieve information assurance that establishes a balance between people, technology, and operations.
An Examination of Cyberbullying on Social Media And the Recommendations For Resolving It
By Nicole E. Lent-Miller
This research takes a look at the complex world of cyberbullying and shows how it has become a popular choice for creating criminal mischief in the online community, especially with the advancement of social media and cellphones. In this capstone it will become evident as to why cyberbullying exists, in what capacity it takes place and what different measures are being taken to help put a stop to it. The research shows cyberbullying is happening on school campuses more and more and the efforts to put an end to it are becoming more extreme. Research has shown that schools are beginning to take more responsibility for their students’ actions both on and off campus as it relates to and directly affects other individuals. Some schools are coming up with anti-bullying curriculum, going as far as letting students switch schools due to extreme bullying, while other schools are trying to remain neutral for fear of going against constitutional rights. Studies have shown that the rise of social media has only created more problems in this matter. Students can be attacked by virtually anyone and at any time. In addition to social media sites, some people are creating their own websites for the sole purpose of humiliation. A survey of the fifty states shows that many states are realizing the importance of protection from cyberbullying and either have laws to protect against it or are drafting laws to protect against cyberbullying. By showing the cases of suicides as a direct result of cyberbullying the reader will be able to see for themselves how incomplete the research on this topic is, and how far the research still has to go.
Standardizing the Security of Mobile App Store Platforms
By Michael Clapsadl
This research evaluates the security of mobile device application platforms, better known as app stores. Nearly 98% of devices use five primary operating systems, and therefore the app stores common to those systems were investigated. This includes the Google Play Store, Amazon App Store for Android, Apple iTunes Store, Research In Motion’s Blackberry App World, and the Windows Phone Marketplace by Microsoft. The Cydia store, an open source system for iOS, was also included in this research for security comparison. The goal was to compare existing stores’ security practices and policies and develop a comprehensive industry standard for use in consumer comparison of app stores.
App store security is important due to an increase in app based malware. New technology is often not built with security in mind and app stores are no exception. What do stores do to prevent malware and data theft and to protect user privacy? In total, twenty factors were established that form an industry standard app store security model. This includes a rating system for consumers to use for comparing stores and better understand security.
This research finds that none of the stores reviewed met even 70% of the necessary security factors. In fact most stores scored less than five on a ten point scale. Implementation of a standard would encourage stores to do more to ensure security is enforced and will provide increased transparency allowing consumers to understand what stores are doing to protect them. A standard is vital to the future of mobile device app stores and stopping the increase in malware.
The Forensic Artifacts of Microsoft OneNote
By Cynthia Gonnella
Microsoft OneNote is a powerful data management tool. In the past it has been an obscure component of the Microsoft Office suite. Today it is a cross platform PC, MAC, mobile, and web based application that integrates with Microsoft SkyDrive. However, there is no substantial research on the topic of OneNote forensics. This body of research explores the forensic artifacts that may be recovered during investigations involving Microsoft OneNote. The research explains the relevance of OneNote artifacts for today’s electronic investigations, describes techniques for examiners to become familiar with OneNote and its files, and offers insight into the many artifacts that can be located for the various installations and usage of OneNote. A hypothetical case scenario involving the usage of OneNote to steal company secrets is presented. The subsequent walk-through style examination demonstrates how OneNote could be exploited for criminal purposes and how an examiner might proceed with the examination. The forensic artifacts of OneNote’s structure, file header, internal paging and caching system, and its recycle bin are all discussed and analyzed. This body of research will allow others to investigate OneNote artifacts and to conduct further research.
Mitigating The Impact of Anti-Forensic Techniques Through File System Analysis
By Gabriel A. Flynn
The purpose of this research paper was to analyze three anti-forensic techniques for potential methods of mitigating their impact on a forensic investigation. Existing research in digital forensics and anti-forensics was used to determine how altered metadata, encryption, and deletion impact the three most prominent operating systems. The common file systems for these operating systems were analyzed to determine if file system analysis could be used to mitigate the impact of the associated anti-forensic technique. The countermeasures identified in this research can be used by investigators to reduce the impact of anti-forensic techniques on an investigation. Also, the results could be used as a basis for additional research. File system analysis can be used to detect and mitigate the impact of the three methods of anti-forensics researched under the right circumstances. Some areas of anti-forensics and file systems have been relatively well-researched. However continued research is necessary to keep pace with changes in file systems as well as anti-forensic techniques.
An Analysis of the Vulnerability of Unmanned Aircraft Systems
By Daniel Brodsky
The use of Unmanned Aircraft Systems (UAS) for military, law enforcement, and private applications has increased significantly in recent years, and this increase will only continue both by the United States (U.S.) and by other nation states and private organizations. This proliferation comes with an increased risk of a cyber attack against an unmanned aircraft itself, its ground station(s), and the computer or sensor networks that enable its use. This study examined ways in which UAS are employed, ways in which they are vulnerable to cyber attack, and ways these risks can be mitigated.
The risk of cyber attack is analyzed by considering vulnerability, impact, likelihood, and countermeasures. The study found that the risk of cyber attack varies significantly between the high, fast flying UAS and the lower altitude, slower UAS likely to be employed in domestic airspace by law enforcement and other organizations. The study also found that every attack that can be executed abroad can also occur over the U.S., with perhaps more significant consequences. Also, sophisticated and multi-stage and insider threat attacks are an underreported risk. Lastly, the study found that every UAS attack capability the U.S. and its allies have employed will eventually be used against us by nation state and non-state adversaries as their own UAS capabilities mature in the coming years. The study concluded with recommendations for future areas of research, including improved “sense and avoid” technology, cloud-based command and control, and an international legal framework for the use of UAS in sovereign nations’ airspace.
Combating Botnets with Honeypots: The Legal Considerations
By Carilyn S. Fennell
This paper discusses the legal considerations for deploying honeypots to combat botnets. The use of botnets is a growing cyber threat and honeypots are being deployed as weapons of defense by companies, law enforcement, and government agencies. Honeypots are designed to track and analyze botnet data. The information gathered through a honeypot can be used for criminal prosecution. As with any weapon used in cyber warfare, there are risks involved. The legal risks associated with honeypot deployment include entrapment, liability, and privacy. The development of technology often outpaces the passage of legal statutes, and it often takes legal statutes time to become equal to technology. The laws applying to honeypot deployment are no exception.
This paper discusses the current legal statutes involving entrapment, liability, and privacy and how they can be applied to honeypot deployment. A series of questions were selected as the research focus. Does the use of honeypots constitute entrapment? Is the use of honeypots a liability to those who deploy them? Does the use of honeypots violate privacy rights? It was discovered that there is no clear answer to any of the questions posed. The current statutes were found to be outdated and apply vaguely to entrapment, liability, and privacy. Each current statute has exceptions that can be applied indirectly to honeypots. Each of those exceptions was discussed in relation to honeypot deployment.
Virtual World Communities: An Examination of Current Digital Forensic Technology
By William Hartman
Virtual worlds are places of escape not just for the average person alone, but also for the criminal element. They are places where individuals may interact with legal or illegal intent against those they meet online or across the Internet. An investigator working on a case in the physical world may find the evidence leads to one of these virtual realms. The purpose of this research is to examine current digital forensic technology and recommend improvements to current practices in virtual world investigations. The target audiences for this research are those law enforcement and intelligence agencies who may be charged with conducting investigations within virtual environments (e.g., FBI, NYPD, CIA, etc.).
It takes a great deal of time and care to find and collect data in a forensically sound manner, and much may be hidden within the huge graphics files used in these worlds. A tree may hold a thousand credit card numbers, a cloud might hide malware or terrorist secrets, and an ice cream truck might carry a million pictures of violated innocence. Stolen credit card numbers, malware, terrorist secrets and even child pornography are only a few examples of what may be stored by the criminal element. An investigator acquires evidence normally through traditional physical investigations or online research via Google and Social Media like Twitter, Facebook, LinkedIn, etc. Traditional investigatory methods alone are not enough to be successful in these worlds but may be adapted by an investigator who chooses to learn the gaming culture and become a trusted member of the virtual community they investigate.
Challenges of Digital Forensic Investigations in the Cloud Environment
By Candice Torres
The increased use of cloud technology in today’s business, educational and personal computing environments has created several challenges when it comes to digital forensic examinations. Cybercriminals and hackers are exploiting this technology and attacking and infiltrating systems in ways that have not been seen before. Digital forensic examiners, law enforcement officials and cybercrime investigators are facing new hurdles when performing examinations and investigations that involve cloud technology.
This study performed research in the form of a review of existing literature related to cloud technology and its impact on the field of digital forensic investigations. The research confirms that the continued development and use of cloud computing technology has a very strong impact on forensic investigations. Investigators will be faced with new hurdles and challenges when performing investigations in cloud-based systems and a new set of standards, guidelines, policies, practices and regulations will have to be put in place to ensure the success of cloud-based forensics.
Network Security Through Open Source Intrusion Detection Systems
By Russell A. Tantillo
Computer networks are a system of interconnected computers for the purpose of sharing digital information. The concept of a network began in 1962 when a server at the Massachusetts Institute of Technology was connected to a server in Santa Monica, California. Since that time the proliferation of computers and computer networks has increased significantly. One of the most significant challenges to networks is attacks on their resources caused by inadequate network security. The purpose of this research project was to evaluate open source, free, intrusion detection systems and how easily they can integrate into an existing network. Research was conducted for this study through a review of existing literature pertaining to intrusion detection systems and how they function. The literature also highlighted previous studies conducted on intrusion detection systems, both commercial and open source. In addition to the review of existing literature, the author conducted independent testing on three open source intrusion detection systems. The open source programs, Snort, OSSEC, and Prelude, were selected due to being highly rated in professional publications. The author created a secure simulated computer network, to ensure that each of the programs was tested in a controlled and equitable manner. The findings of this study determined that the three open source intrusion detection systems tested are as capable as commercial programs in securing a computer network.
A Proposal for a Windows Open Source Command Line Undelete Excavator WosClue
By Claude Turner
Currently most undelete utilities for Windows XP or later have a Graphical User Interface or GUI (pronounced gooey). GUI tools are common in the Windows environment. They are easy to use with a small “learning curve”, but because they require constant user interaction, the user has to sit at the computer and make selections with a mouse or keyboard throughout the process.
This paper is a proposal for the development of a Windows Open Source Command Line Undelete Utility (WosClue). This utility would be used by forensic examiners to retrieve deleted files during live forensics. It looks at the features of existing graphical undelete utilities and compares them to the potential features the command line utility would have, showing the advantages of a command line version of the tools. It also gives an overview of how the features of the command line tool could be used, with a special focus on how it can be used with “pipe” commands.
WosClue will be significantly different from the GUI programs. While it will still technically need to be a two-step process, some scripting and filters could reduce it to one step if necessary, unlike the other applications. It will be one executable, although it will be bundled with some scripts to maximize its potential. This is different from the Sleuth Kit tools, which break the process into two separate programs. Most of the power of WosClue will come from the use of batch or command files, with the aid of grep or some other utility. There are sample batch files to show how it can be used. The paper demonstrates a need for the tool, and lists the next steps needed to create it.
The Use Of Steganography In Cyber-Terrorist Communications
By Kerry Mildon
This paper discusses the use of steganography as a tool for hiding covert communications between terrorists. Steganography tools are being used within different mediums to conceal communications from one terrorist or terrorist cell to another without the knowledge of a third party. Terrorists use various steganography tools (either freeware or for purchase) to embed or “hide” data in a carrier file; commonly an image, audio, or video file. The tools have the ability to conceal information in a manner unnoticeable to the naked eye requiring further investigation and verification if suspected.
Through the use of steganography many countries are rising as greater threats to the United States within the cyber-realm. With the recent incidents involving the penetration of U.S. computer systems, knowledge of steganography tools and how they are used has become more relevant. Agencies need to gain a better understanding of the methods and tools that are being used by those posing the greatest threat to our national security while continuously improving upon existing policies and risk assessment measures; as well as training and educating all levels of employees to be more alert for possible steganographic messages.
Developing a Suspicious File Triage Tool
By Kevin Stilwell
This paper discusses the creation of a software tool called the Suspicious File Triage Tool, or SFTT. SFTT assists in the collection of open source intelligence related to suspicious files. The tool gathers information from the Internet and sources compiled by the user. SFTT is being created in response to the tremendous growth in the amount of malware and also its rapid evolution. It is meant to complement the other software tools used for malware analysis that exist and to free the malware analyst for tasks that require creativity and expertise. SFTT strives to prevent information leakage by not uploading files to external services.
SFTT can be enhanced by developing new plug-ins and changing the core structure of the tool to meet new requirements. Designing the tool to be used as a web service and adding alternate output formats like PDF and XML will make the tool easier to access and its data more useful. SFTT can be modified to integrate tightly into an existing automation framework to increase efficiency. Plug-ins to use anti-virus virtual machines and malware analysis software supplied by the user address most information leakage issues.
M.S. in Economic Crime Management Dissertations
In an effort to promulgate Utica College’s graduate students’ capstone projects in the M.S. degree in Economic Crime Management, the Economic Crime Institute publishes dissertations chosen by faculty. The objective is to provide resources to individuals seeking information on topics such as economic crime investigations, data breaches, money laundering, identity theft, digital investigations, risk management, cybercrime trends, and other topics.
Credit Card Fraud and Social Engineering
By Glenn A. Hall
Credit card fraud is a billion dollar a year industry (Nilson, 2011). Financial institutions invest heavily in detection and prevention technology in an effort to mitigate their losses due to fraud. Bank technology spending is estimated to grow approximately 30 percent to $7.2 billion by 2015 in anti-fraud technology for mobile banking alone (Computerworld, 2012). According to the Federal Trade Commission, the total number of complaints submitted to the Consumer Sentinel database in 2005 totaled 686,683, an increase of 21 percent from 2003 (Identity Theft Data, 2005). Identity theft complaints represented 255,565, or 37 percent of the total complaints, and the most common type of identity theft was credit card fraud. In an effort to stem the tide of identity theft related fraud losses, the credit card industry has traditionally taken the approach of investing more money and resources into enhancing its authentication technology. However, technology alone has not, and will not, effectively address the problem. The millions of dollars and thousands of man-hours invested in the development of new authentication technology are undermined by the financial institutions’ front-line employees and the credit card banking customers themselves due to the cunning and, oftentimes impressive, social engineering and technical subterfuge tactics perpetrated by the fraudsters.
Analysis Of Fraud Perpetrated Through ATM
By Lisa Frikker-Gruss
The global payments industry is currently undergoing a technological shift in security protection. Unfortunately, the United States of America has been lagging behind the rest of the world in implementing standards to enhance protection, such as Chip and PIN authentication in payment cards and biometric validation systems at payment terminals. Payments industry leaders have forced a 2016 deadline for equipment operators to upgrade the technology to either comply with Chip and PIN capabilities or endure increased liability. This initiative is not without warrant, as organized criminal gangs from around the world have moved their operations into the United States. The older technology is thus making this country an easier and more susceptible target.
This project focuses specifically on skimming fraud perpetrated at automated teller machines. The Chip and PIN technology used in countries abroad has enhanced user authentication, however, it too has deficiencies and limitations. The vulnerabilities of the random number generator that were identified through a study completed out of the University of Cambridge are reviewed. Additionally, the benefits of using biometrics are highlighted as an authentication tool to implement even after Chip and PIN technology is introduced in the United States.
This project demonstrates the strengths of predictive analysis as a detection tool by measuring a customer’s demographic and behavioral metrics and discovering the commonalities that exist within legitimate and fraudulent transactions. The goal is to offer strategic solutions for financial institutions to customize into their organization. To achieve effective operational risk management, multiple layers of user authentication and transaction verification should be analyzed and implemented.
The Current State Of Critical Infrastructure Protection
By Jessica Katz
The electric grid is one of eighteen critical infrastructures in the United States that is at risk from cyber attacks. As critical infrastructures become more reliant on networked systems, it is likely that the threat of cyber attacks will increase. These types of attacks are easily executed, inexpensive, and may be performed from anywhere in the world, making it an all too popular tool among hackers and terrorists.
Cyber attacks launched against the electric grid have serious economic impact. The banking and financial sectors rely heavily on electricity to facilitate transactions via computer networks. Due to increased reliance on electricity, it is important that both physical security and cyber security of the electric grid are improved.
The United States and Australia have established and implemented critical infrastructure protection strategies to protect against cyber based threats. This research established that there is a need for the public and private sectors to partner in regard to critical infrastructure cyber security, specifically the electrical grid. The ability of a nation to adequately defend against cyber attacks is highly dependent upon information sharing between private industry and government.
Research concluded that the United States information protection regulations are stronger than Australia’s. The Australian government has a laissez faire approach to information protection as opposed to a highly enforced compliancy standard, as implemented in the United States. Further research into how other countries are regulating cyber security is required to provide insight into an effective information protection strategy for the future of critical infrastructures.
Into The Breach: Lessons Learned From Data Breach Research
By Christine Arevalo
Organizations are exposing personal information at an alarming rate, with a probable correlation to an increase in identity theft victims. Data breaches are a growing threat to commerce, concern for policymakers, and businesses; as well as a hotly debated topic among legislators and academics.
This project offers a unique perspective on this topic since the researcher has visibility into dozens of organizations and hundreds of data breach events. This two part research project will clarify important points, and expose fundamental research gaps that exist today.
Key results suggest that the phenomenon known as “over-notification” does not truly exist, that individuals are not overly anxious upon receipt of notification letters, and that additional research is needed in a few key areas regarding the content of notification letters.