Free Essay

Forensic Studies Volatility

In: Science

Submitted By limweifei92
Words 1584
Pages 7
Forensicc studies volatility
1. List the processes that were running on the victim’s machine. Which process was most likely responsible for the initial exploit?

Figure 1 seeking the profile
As shown in figure one, when the command “vol imageinfo –f /root/Desktop/BF.vmem” is applied, the result shows the suggested profile which is WinXPSP2x86 and WinXPSP3x86.With that we can able to identify the profile victim is using.
Figure 2 Result of Pslist
By using the “Pslist” command, we are able to trace the process running in the victim and based on the scenario provided, the user was emailed a link to a suspicious PDF by a co-worker. The chaos happened after the PDF file is opened. As shown in figure 2, “AcroRd32.exe” with PID 1752 is most likely responsible for the exploit. The PPID (parent PID) of AcroRd32.exe is 888 which indicate firefox.exe.

2. List the sockets that were open on the victim’s machine during infection. Are there any suspicious processes that have sockets open?

Figure 3 Result of listing Sockets
Figure 3 shows the list of socket that were opened on the victim’s machine during the exploitation

Figure 4 Result of Connection
The figure above shows the list of connection found in victim’s machine and the most suspicious connection to external website is the AcroRd32.exe (PID 1752) and svchost.exe (PID 880). These application caught our attention because it does not have any outbound HTTP connections.

Figure 5 Information of IP
After finding it suspicious, we did a further investigation towards the Ip address and eventually we found 193.104.22.71 is an Iran hosting and 212.150.164.203 is an Israel hosting. Another thing we found interesting is when we refers to connection list above, we found the only process connected with the Iran hosting is PID 880 which is the svchost.exe while two processes connecting with Israel hosting are PID 888 firefox.exe and PID 1752 AcroRd.exe. Moreover, by referring to ftp://193.170.235.123/Lernbehelfe/Netzwerke/NWTU/Liste_Portnummern.pdf,
PID 880 svchost.exe has a socket object for TCP port 30301 where this port is normally associated with “BitTorrent” and so is unusual behaviour for this process. Moreover, PID 1752 (AcroRd32.exe) has a socket object on UDP port 1177 if we look on it clearly this is an Acrobat Reader process, so we concluded its unusual.

3. List any suspicious URLs that may be in the suspected process’s memory.

Figure 6 Command on Dump and View Process ID of 880
The figure above shows the command to obtain a dump of the memory from suspected process. By using the “grep” command we will able to search the relevant keyword in the dumped process and save it for review. From the lists of the url we can conclude the machine is being compromise. It is because we can identify the HTTP headers are mostly in kernel space. Thusby looking on some suspicious url such as http://193.104.22.71/~produkt/9j856f_4m9y8urb.php, we can identify it’s a virus referring to http://malwaretips.com. Other suspicious url would be the link which associated with old version.com, search-result-plus and etc. which been blacklisted in some antivirus company such as Norton and Mcafee.

Figure 7 List of Suspicious Url

Figure 8 List of Suspicious Url

Figure 9 List of Suspicious Url

Figure 10 List of Suspicious Url

Figure 11 List of Suspicious Url

Figure 12 List of Suspicious Url

Figure 13 List of Suspicious Url

Figure 14 List of Suspicious Url

Figure 15 List of Suspicious Url

Figure 16 List of Suspicious Url

Figure 17 List of Suspicious Url

Figure 18 List of Suspicious Url

Figure 19 List of Suspicious Url

Figure 20 List of Suspicious Url

Figure 21 List of Suspicious Url

Figure 22 List of Suspicious Url

Figure 23 List of Suspicious Url

Figure 24 List of Suspicious Url

Figure 25 List of Suspicious Urle

Figure 26 List of Suspicious Url

Figure 27 List of Suspicious Url

Figure 28 List of Suspicious Url

Figure 29 Command on Dump and View Process ID 1752

Figure 30 List of Suspicious Url

Figure 31 List of Suspicious Url

Figure 32 List of Suspicious Url

Figure 33 List of Suspicious Url

Figure 34 List of Suspicious Url

Figure 35 List of Suspicious Url

Figure 36 List of Suspicious Url

Figure 37 List of Suspicious Url

Figure 38 List of Suspicious Url

Figure 39 List of Suspicious Url

Figure 40 List of Suspicious Url

Figure 41 List of Suspicious Url
Figure 42 List of Suspicious Url

Figure 43 List of Suspicious Url

Figure 44 List of Suspicious Url

Figure 45 List of Suspicious Url

Figure 46 List of Suspicious Url

Figure 47 List of Suspicious Url

Figure 48 List of Suspicious Url

Figure 49 List of Suspicious Url

Figure 50 List of Suspicious Url

Figure 51 List of Suspicious Url
Figure 52 List of Suspicious Url

Figure 53 List of Suspicious Url

Figure 54 List of Suspicious Url

4. Are there any processes that contain URLs that may point to banking troubles? If so, what are these processes and what are the URLs?

Figure 55 View Memory Materials

Figure 56 Bank Url
The figure above shows the bank site which we believed the user might be involving into a banking fraud case. The link can be found in the memory of svchost.exe (PID 880), svchost.exe (PID 888) and AcroRd32.exe (PID 1752).

5. List suspicious files that were loaded by any processes on the victim’s machine. From this information, what was a possible payload of the initial exploit be that would be affecting the victim’s bank account?
To list all the suspicious files loaded by processes, we need to find all open files by processes on the system. To do this, we used the volatility “handles” plugin as shows. This command allow us to find registry keys, events, window station, desktops, threads and other type of objects. In this case, our focus will be on file.
AcroRD32.exe (PID 1752)

Figure 57 Suspicious file opened by Pid 1752
As shows in the in Figure 57, PDF.php file opened by Pid 1752 which pointed to AcroRD32.exe is most probably the files that was downloaded from search-network-plus.com/cache/PDF.php?st=Internet%20Explorer%206.0 in Firefox, and maybe related to initial download of malicious PDF file (as an email from co-workers)

Winlogon.exe (PID 644)

Figure 58 Suspicious file opened by Pid 644
As shows in Figure 58, we can saw that there are3 files being opened by PID 644 which pointed to Winlogon.exe. It seems like a malware files. The file is 118784 in size. Right after that we upload all these files to VirusTotal- a website which offer a service to analyze suspicious file for virus. The results showing that this is a Trojan which used sdra64.exe to create data files local.ds and user.ds. Whereby, local.ds is used to store the encrypted configuration and user.ds is used to store encrypted stolen data.

As we can see from the open files found in memory dump, the payload of the initial exploit was Zeus Trojan which caused the problem in victim’s bank account. This Trojan is famous in stealing bank account information which sends this information to the botmaster in real time. (Symantec, 2010)

6. Are there any related registry entries associated with the payload?
As refer to Symantec, Zeus Trojan added itself to the registry to start when Windows start, using the following subkeys: (Symantec, 2010)
i) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon ii) HKEY_CURRENT_USER\ SOFTWARE \Microsoft\Windows\CurrentVersion\Run
Therefore, we need to check the registry loaded in the memory using volatility to check whether any of this two registry exists.
Firstly, we used hivescan plugin in volatility to find the list of registry hives in the memory. The output is shown in Figure 59 below which is the offset of all registry hives.

Figure 57 hivelist results
Right after that, to find out the exact location of each registry hives, we used hivelist plugin in volatility. The results of hivelist are shown at Figure 58 below. As we can see, the exact location of the hives is shown.

Figure 58 hivelist result
However, our main focus here would be on HKLM\Software hives. Therefore, we used the offset (0xe1526748) as shown in Figure 59 below together with printkey plugins to view and determine the registry key and value.

Figure 59 Printkey Results
From the results shown in Figure 59, the registry key is spotted similar to those registry key added by Zeus Trojan as refer to Symantec. Hence, this confirmed our assumption. 7. What technique was used in the initial exploit to inject code in to the other processes?
In this question, we extract and executables file from AcroRead.exe process address space and analysed through VirusTotal. The result is shown in Figure 60 below. It is showing that the file downloaded from Adobe Acrobat process address space was infected by winlogon.exe. The registry is modified to be able to inject itself in every process address space. When the user access to the domain listed in Zues configuration file, the hacker begins to steal the credentials. However, this analysis is not completed yet as complete reverse engineering have to take place but it is not required in this case.

Figure 60 VirusTotal Results…...

Similar Documents

Premium Essay

Volatility Markets.

...Introduction When the stock market goes up one day, and then goes down for the next five, then up again, and then down again, that’s what you call market volatility. Historically, the volatility of the stock market is roughly 20% a year and 5.8% a month, but volatility keeps on changing, so we go through periods of high volatility and low volatility. Analysts and experts have different opinions about what you should do in volatile markets, and how to scope with stock market volatility or the tendency for share prices rising and falling. Analysts. Justin Stewart, co-founder of Seven Investment Management says: “ Crashes happen. If you are a longer-term investor, you should look straight through them and remember the power of compounding dividends, or in cone arising on income.” Andrew Humphries, a director of St James Place Wealth Management, thinks that Diversification is very important and having a portfolio that is solely exposed to one asset class- be it equities, bond or property- is dangerous and all investors should ensure they hold an appropriate range of assets” Andrew Bell, the chief executive of Witan Investment trust advised: “ It is better to buy into fear and cheapness and sell into euphoria and high valuation, as long as you can endure the period before trends reverse. Investors should have this tattooed somewhere to prevent natural human psychology from making them do the opposite. Bill Mott, the manager of PSigma income, said “ in an uncertain world,......

Words: 1275 - Pages: 6

Free Essay

Forensic

...Restoration of Obliterated Marks in Forensic Science Practice and Investigations R. Kuppuswamy Forensic Science Programme, School of Health Sciences, Universiti Sains Malaysia Malaysia 1. Introduction 1.1 The problem A problem of common occurrence in forensic science is the restoration of obliterated serial numbers on the chassis and engine of stolen motor vehicles, firearms, jewellery, valuable tools, and machinery (Nickols, 1956; Wolfer & Lee, 1960; Jackson, 1962; Cunliffe & Piazaa, 1980; De Forest & Gaensslen, 1983; Schaefer, 1987; O’Hara & O’Hara, 1994; Moenssens et al (1995); Heard, 1997; Petterd, 2000; Lyle, 2004; Katterwe, 2006; Seigel, 2007; Mozayani & Noziglia, 2006; Jackson et al (2008); Levin, 2010). Serial numbers or other markings, which are unique to that particular item, are usually marked on the above metal surfaces during the manufacturing process. Criminals alter or obliterate these identification marks during thefts or other illegal uses in order to prevent their identity. On many occasions a fraudulent number would be introduced after removing the original one. In abandoned vehicles all serial numbers are verified in order to detect alterations in the identity of the vehicle (Svensson et al, 1981). Sometimes the serial numbers on firearms are removed more professionally making it hard to distinguish whether the numbers are original or not (Shoshani et al, 2001). Restoration of the original obliterated numbers provides important forensic evidence in......

Words: 10345 - Pages: 42

Premium Essay

Measuring Volatility

...MEASURING TIME VARYING VOLATILITY OF USDINR CURRENCY FUTURES IN INDIA *Suhashini.J ** Dr.Chandrasekar.K *Suhashini.J, Faculty Research Scholar, PSNA College of Engineering and Technology, Dindigul, Tamilnadu.Suhashinij@gmail.com **Dr.K.Chandrasekar, Assistant Professor, Alagappa Institute of Management, Alagappa University, Kariakudi. MEASURING TIME VARYING VOLATILITY OF USDINR CURRENCY FUTURES IN INDIA Abstract This paper examines the volatility of USDINR currency pair. USDINR currency pair was introduced in regulated stock exchange of National Stock Exchange in the year 2008. USDINR currency stated to trade as a future instrument on 29.08.2008. Though it’s a delayed decision undertaken in India to introduce currency futures in regulated exchange within the three years of its introduction 10 times of volume traded has increased. The pricing of currencies is supposed to be dependent on volatility of the markets. Therefore it’s important to know the volatility implications of currency market to trade in futures market. To understand volatility implications it is examined using ARCH, GARCH, and GARCH (1, 1) model in this paper. The study finds the evidence of time varying volatility of futures. The study finds an evidence of time varying volatility, which exhibits clustering, high persistence and predictability of currency futures in Indian Market. Key words: Time Varying Volatility, currency futures, USDINR and GARCH Introduction Currency Futures has......

Words: 2841 - Pages: 12

Premium Essay

Case Study #01 Acc-574, Forensic Accounting

...faces in news comes that “Richard Scrushy, ex-CEO of HealthSouth, has been accused of allegedly masterminding a $2.7 billion earnings misstatement at the rehabilitation and medical services company. He is also accused of conspiracy, false reporting to the U.S. Securities and Exchange Commission, multiple fraud counts and money laundering. Scrushy faces millions of dollars in fines and a maximum sentence that may near life in prison, if convicted of all counts.”(1) According to the above-mentioned case in 2003, the U.S. Securities and Exchange Commission (SEC), filed civil charges against HealthSouth for misleading public investors by presenting overstated and fraudulent financial statements. In relation to the SEC’s formal inquiriess, a forensic investigation was conducted by PricewaterhouseCoopers to determine the extent and value of the accounting misdemeanors that took place from 1997 through July 2002. The New York Times on March 22 2003 explains “the regulators describe periodic efforts by other executives - - - - to persuade Mr. Scrushy to stop the manipulations. "Scrushy insisted that the scheme continue because he did not want HRC's stock price to suffer," the S.E.C. complaint said.” (2) June 18, 2009, on the business section of the New York Time news paper we read”Four years ago, Richard M. Scrushy, the former chief executive of HealthSouth, walked out of a federal courthouse in Alabama and thanked God that he had been acquitted of criminal charges that he......

Words: 1085 - Pages: 5

Free Essay

Forensics

...files of a source drive, to save space on the target drive. Hashing helps check the integrity of the data. Various tools can integrate metadata into the image file But there exits an inability to share an image between different vendors’ computer forensics analysis tools. Like ILook imaging tool IXimager produces IDIF, IRBF, and IEIF but can be read only by ILook. Proprietary format tools produce a segmented file of 650 MB. Maximum file size per segment can be 2 GB. 2. Disk-to-disk copy: UNIX/Linux dd command does disk-to-disk copy. dd command is very easy and effective in a Linux machine. But for that we need equal or larger space in the target disk to copy full image from the source disk. Raw formatting is a technique in which we use dd command to generate image files which are split into smaller segments and are exact bit-by-bit replica of the original disk. These are sequential flat files of the source drive. Hardware and software duplicators are available for disk to disk copy. Hard duplicators like Logicube Talon,etc and software duplicators like SafeBack, EnCase, etc. Raw format is faster data transfers and has the ability to disregard minor data read errors. Versatility is a big deal as the output because many forensics tools can read the raw format, making it a universal acquisition format for most tools. It needs equal storage space as compression option is unavailable. Freeware versions, sometimes might not collect marginal (bad) sectors on the source......

Words: 937 - Pages: 4

Free Essay

Forensic

...Subspecialties of forensic psychologySubspecialties of forensic psychologySubspecialties of forensic psychology Forensic psychology is defined as the application of psychological knowledge to the legal system (Bartol & Bartol, 2012: 6). The concept of forensic psychology can be misunderstood, because the definition does not explain much. The easiest way to explain forensic psychology is to break it down into its subspecialties and describe where psychological knowledge can be applied. There are five subspecialties of forensic psychology, namely police psychology, psychology of crime and delinquency, victimology and victim services, legal psychology and correctional psychology. I will discuss legal psychology and correctional psychology. · Legal psychology Legal psychology is the study of human behavior relevant to the law. This subspecialty of forensic psychology consists of those theories that describe, explain and predict human behavior by reference to the law. Bartol & Bartol (2012) described that early in a case when attorneys are preparing for a trial and gathering information psychologist can be called in to testify. Main roles of a forensic psychologist in the USA includes, acting as a consultant to law enforcement, acting as trial consultants (jury selection, case preparation and pre-trial publicity), presenting psychology to appeal courts, doing forensic assessment and acting as an expert witness (insanity defense, competence to stand trial, sentencing, eyewitness...

Words: 1988 - Pages: 8

Free Essay

Forensic

...Forensic Psychology Abstract: U.S. Supreme Court Rules in Kumho Tire Co. v. Carmichael Case (No. 97—1709. Argued December 7, 1998–Decided March 23, 1999) On March 23, the U.S. Supreme Court ruled in Kumho Tire Co. v. Carmichael, No. 97-1709, that all types of expert evidence are subject to the relevance and reliability ‘gatekeeping’ function that the Supreme Court had articulated with respect to scientific evidence in Daubert v. Merrell Dow Pharmaceuticals, Inc., 509 U.S. 579 (1993). The Court further held that trial judges have substantial discretion or ‘considerable leeway’ to determine how to evaluate relevance and reliability and to make a determination on whether to admit the expert evidence. While this decision will make it more difficult when judges are hostile to the type of expert testimony being offered by plaintiffs, there were some helpful aspects to the Court’s opinion that lawyers for plaintiffs should know and emphasize: • The Court rejected arguments that all, or even one, of the four Daubert factors (testing, peer review, error rates, and scientific acceptability) must be satisfied for the testimony to be admissible, noting that even in scientific evidence cases the Daubert factors ‘do not all necessarily apply’; • The Court endorsed the idea that expert testimony from reliable fields of study that conforms with the standards used in that discipline should be admissible (In doing so, the Court was......

Words: 395 - Pages: 2

Free Essay

How Has Our Knowledge of Dna Improved the Study of Criminal Forensics?

...How has our knowledge of DNA improved the study of criminal forensics? Introduction Through genetics, the study of DNA, we are able to figure out what and how genes are responsible for many things like our hair color or why do some people look a lot like their parents and others don’t. It also allows us to understand better how species evolve and how are they related to each other. It is important to understand how DNA mutates, changes and replicates in order to get information about what mechanisms cause DNA to change. In the 1970s scientists developed a DNA sequencing technique and other methods to manipulate and analyze DNA. This gave them the basic tools to start exploring the DNA blueprint which provided the techniques for a vast international project called The Human Genome Project (MRC). The Human Genome Project which was a major international project with the goal of decoding all our genetic information by 2003. A rough draft was done in June 2003 and it was a huge milestone that helped us understand how our genes can determine who we are (Genome Project). Many of today’s advances in DNA and biotechnology allow scientists and medical doctors to potentially cure genetic disorders through gene therapy by inserting, deleting or manipulating genes (Tillery, page 686). Another use of DNA technology is the creation of mutation by transferring DNA from one organism to another through techniques like cloning and introducing new DNA sequence into an organism to......

Words: 1437 - Pages: 6

Premium Essay

Forensic

...die. A forensic pathologist is a great profession that requires hard work, dedication, and flexibility. A Forensic Pathologist is a person who examines the bodies of people who died suddenly, unexpectedly, or violently. They are in charge of determining a person death. A medical examiner perform autopsy and trace evidence from the body for further information. This profession works hand and hand with criminal law. As a medical examiner, you are responsible for finding the exact cause of death. “I wanted to be a forensic scientist for a long time. It's like putting the pieces of a puzzle together. Solving mysteries seemed like it would be fun, scary and exciting all at the same time.” Forensic Pathologist performs a full death investigation. As a coroner, evaluates crime scene evidence. There is a large vocabulary that forensic pathologist must learn. The terminology that medical examiners use is totally different from everyday language. They use medical terms that doctors use for body parts. Education is very important no matter what career path you choose. For a forensic pathologist, you will need plenty of education you must go to high school and college; you must also make good grades. In high school, you should strive to keep a B average. Asking your counselor to find courses that relate to medical will be great. After you have finished so many courses, you can sign up for an intern. An internship is when students practice in their field study......

Words: 1117 - Pages: 5

Free Essay

A Study on S&P 500 Index Stock Return and Volatility Using Arima and Garch Modeling

...A Study on S&P 500 Index Stock Return and Volatility using ARIMA and GARCH Modeling Kaiyuan Song, Di Wu Summary In this project we first checked consistency and seasonality of S&P500 index stock performance by splitting its recent twenty years historical data into ten two year data and built ARIMA and GARCH models for each sub-period. We found that the models are considerably consistent before 2007-2008 sub-period, and there exists some minor seasonality in several subperiods, but no particular pattern can be identified for the whole period. We then tried to predict future return, volatility and VaR using the model we built for the last sub-period based on rolling forecast procedure. Though the fitted values of 10th sub-period model are very acceptable, the predicted values are reasonable yet far from satisfactory. Only some future volatility can be predicted using one-step ahead rolling forecast, and return prediction is not much better than just using historical mean, which is almost 0, to predict. These results suggest that external variables are needed for more accurate predictions, time series models alone are not sufficient. Data S&P500 index daily closing price from 1993 to 2012 are obtained from yahoo finance website. It is one of the best measures of current state of U.S. domestic economy, therefore by studying its fluctuations, consistency, seasonality and make predictions, one can determine if it is a good time to invest in U.S. stock......

Words: 1146 - Pages: 5

Premium Essay

Forensics

...this research paper was to analyze three anti-forensic techniques for potential methods of mitigating their impact on a forensic investigation. Existing research in digital forensics and anti-forensics was used to determine how altered metadata, encryption, and deletion impact the three most prominent operating systems. The common file systems for these operating systems were analyzed to determine if file system analysis could be used to mitigate the impact of the associated anti-forensic technique. The countermeasures identified in this research can be used by investigators to reduce the impact of anti-forensic techniques on an investigation. Also, the results could be used as a basis for additional research. File system analysis can be used to detect and mitigate the impact of the three methods of anti-forensics researched under the right circumstances. Some areas of anti-forensics and file systems have been relatively well-researched. However continued research is necessary to keep pace with changes in file systems as well as anti-forensic techniques. Keywords: Cybersecurity, Albert Orbinati, Windows, Linux, Macintosh, file table. MITIGATING THE IMPACT OF ANTI-FORENSIC TECHNIQUES THROUGH FILE SYSTEM ANALYSIS by Gabriel A. Flynn A Capstone Project Submitted to the Faculty of Utica College August 2012 in Partial Fulfillment of the Requirements for the Degree of Master of Science Cybersecurity – Intelligence & Forensics © Copyright 2012 by Gabriel Flynn All......

Words: 11835 - Pages: 48

Premium Essay

Forensics

...TABLE OF CONTENTS Introduction 1 Purpose 1 Methodology 1 Organization_______________________________________________________________ 2 Body 2 Computer Forensics 2 Internet Security 2 Conclusion_________________________________________________________________ 4 Sources 5 Introduction In this report I will be writing on two jobs: computer forensics and information Security. I am writing on these two due to the fact that these are two job considerations for my degree. I will be discussing benefits of each job, average pay, and description of each job. I will take time to go into detail into each of the jobs that I would like to have. I will be going into the origin of each job, degrees required for each job, and the different fields that these jobs cover. Purpose The purpose of this report is to educate others and myself on what these two jobs are about. To better inform others of the importance of each of these jobs in the digital world. It will hopefully allow others to have a better understanding of the two jobs that I have chosen. There are many things about each of these jobs that people would deem as boring or not interesting, but the digital world is a very interesting place. It is like another world laid on top of this one, there but just out of reach unless you have the technology to access it. There are many things one can gleam from the internet and the digital world, and I will expound upon...

Words: 1629 - Pages: 7

Free Essay

Sec 402 Wk 7 Case Study 2 Developing the Forensics

...SEC 402 WK 7 CASE STUDY 2 DEVELOPING THE FORENSICS To purchase this visit here: http://www.activitymode.com/product/sec-402-wk-7-case-study-2-developing-the-forensics/ Contact us at: SUPPORT@ACTIVITYMODE.COM SEC 402 WK 7 CASE STUDY 2 DEVELOPING THE FORENSICS SEC 402 WK 7 Case Study 2 - Developing the Forensics, Continuity, Incident Management, and Security Training Write a five to seven (5-7) page paper in which you: 1. Consider that Data Security and Policy Assurance methods are important to the overall success of IT and Corporate data security. a. Determine how defined roles of technology, people, and processes are necessary to ensure resource allocation for business continuity. b. Explain how computer security policies and data retention policies help maintain user expectations of levels of business continuity that could be achieved. c. Determine how acceptable use policies, remote access policies, and email policies could help minimize any anti-forensics efforts. Give an example with your response. 2. Suggest at least two (2) models that could be used to ensure business continuity and ensure the integrity of corporate forensic efforts. Describe how these could be implemented. 3. Explain the essentials of defining a digital forensics process and provide two (2) examples on how a forensic recovery and analysis plan could assist in improving the Recovery Time Objective (RTO) as described in the first article. 4. Provide a step-by-step process that......

Words: 1406 - Pages: 6

Premium Essay

The Impact of Derivatives on Stock Market Volatility: a Study of the Nifty Index

...ACADEMY of MANAGEMENT JOURNAL of ACCOUNTING and FINANCE THE IMPACT OF DERIVATIVES ON STOCK MARKET VOLATILITY: A STUDY OF THE NIFTY INDEX T. Mallikarjunappa1* and Afsal E. M.2 1 Department of Business Administration, Mangalore University, Mangalagangotri – 574199, Mangalore, DK, Karnataka, India 2 School of Management and Business Studies, Mahatma Gandhi University, P.D. Hills, Kottayam – 686560, Kerala State, India *Corresponding author: tmmallik@yahoo.com ABSTRACT This paper studies the volatility implications of the introduction of derivatives on stock market volatility in India using the S&P CNX Nifty Index as a benchmark. To account for non-constant error variance in the return series, a GARCH model is fitted by incorporating futures and options dummy variables in the conditional variance equation. We find clustering and persistence of volatility before and after derivatives, while listing seems to have no stabilisation or destabilisation effects on market volatility. The postderivatives period shows that the sensitivity of the index returns to market returns and any day-of-the-week effects have disappeared. That is, the nature of the volatility patterns has altered during the post-derivatives period. Keywords: conditional volatility, heteroscedasticity, volatility clustering, market efficiency INTRODUCTION The modelling of asset returns volatility continues to be one of the key areas of financial research as it provides substantial......

Words: 9589 - Pages: 39

Premium Essay

Forensic

...Forensic Toxicology     It was during the years of 1998 and 2001 that a very demure and innocent looking woman named Van le Thahn began her killing spree. Thahn was 49 years old  at the time and was from the city of Ho Chi Minh in Vietnam. Van le Thahn successfully poisoned 13 people with cyanide. Named the Vietnamese Black Widow, Van would intentionally place herself in situations that would allow her to interact with people who were rich and affluent. After gaining access to the circle, Van would befriend those that she thought would be easy targets and victims to her scheme. She would cook for her new found “friends” and provide drinks that contained cyanide which ultimately ended their lives. Van did not discriminate when it came to her targets in some cases. It is estimated that Van killed thirteen people during the years of her killing spree, among the thirteen people she killed included was her mother-in-law, brother-in-law, and two ex-husbands. It is speculated that the killing of the members of Van’s extended family was due to ongoing family problems. Van’s main goal for the selection of her targets and killing them was to take their most valuables items for her possession or sell them for the money. It is estimated that Van was able to steal more than twenty thousand US dollars from her victims. Because of the nature of these killings it made finding out that Van was the killer hard. It is without a doubt that had it not been for the expertise of a Forensic......

Words: 1979 - Pages: 8