Open Access. Powered by Scholars. Published by Universities.®

Engineering Commons

Articles 271 - 300 of 484

Full-Text Articles in Engineering

Extraction Of Electronic Evidence From VoIP: Identification & Analysis Of Digital Speech, David Irwin, Arek Dadej, Jill Slay Jan 2012

Journal of Digital Forensics, Security and Law

The Voice over Internet Protocol (VoIP) is increasing in popularity as a cost effective and efficient means of making telephone calls via the Internet. However, VoIP may also be an attractive method of communication to criminals as their true identity may be hidden and voice and video communications are encrypted as they are deployed across the Internet. This produces a new set of challenges for forensic analysts compared with traditional wire-tapping of the Public Switched Telephone Network (PSTN) infrastructure, which is not applicable to VoIP. Therefore, other methods of recovering electronic evidence from VoIP are required. This research investigates the …


The Science Of Digital Forensics: Recovery Of Data From Overwritten Areas Of Magnetic Media, Fred Cohen Jan 2012

Journal of Digital Forensics, Security and Law

The first time I encountered data loss and recovery effects of magnetic memory was as a night and weekend computer operator for the computer science department of Carnegie-Mellon University in the 1973-1974 time frame. Part of my job involved dealing directly with outages and failures associated with magnetic memory components used in what, at the time, were large computer systems. On occasions, portions of magnetic core memory or disk drives would encounter various failure modes and the systems using these devices would have to be reconfigured to operate without the failed components until repair personnel could come in to repair …


An Australian Perspective On The Challenges For Computer And Network Security For Novice Endusers, Patryk Szewczyk Jan 2012

Journal of Digital Forensics, Security and Law

It is common for end-users to have difficulty in using computer or network security appropriately and thus have often been ridiculed when misinterpreting instructions or procedures. This discussion paper details the outcomes of research undertaken over the past six years on why security is overly complex for end-users. The results indicate that multiple issues may render end-users vulnerable to security threats and that there is no single solution to address these problems. Studies on a small group of senior citizens have shown that educational seminars can be beneficial in ensuring that simple security aspects are understood and used appropriately.


Implementing The Automated Phases Of The Partially-Automated Digital Triage Process Model, Gary Cantrell, David A. Dampier Jan 2012

Journal of Digital Forensics, Security and Law

Digital triage is a pre-digital-forensic phase that sometimes takes place as a way of gathering quick intelligence. Although effort has been undertaken to model the digital forensics process, little has been done to-date to model digital triage. This work discusses the further development of a model that attempts to address digital triage, the Partially-automated Crime Specific Digital Triage Process model. The model itself will be presented along with a description of how its automated functionality was implemented to facilitate model testing.


“Preemptive Suppression” – Judges Claim The Right To Find Digital Evidence Inadmissible Before It Is Even Discovered, Bob Simpson Jan 2012

Journal of Digital Forensics, Security and Law

Vermont state prosecutors have asked the Vermont Supreme Court to end a state trial judge’s practice of attaching conditions to computer warrants. The Vermont judge’s conditions are drawn from five conditions established in the 2009 decision of the 9th Circuit Court of Appeals in the Comprehensive Drug Testing, Inc. case (CDT II). This is the first time the validity of the “CDT conditions” will be decided by a state court of final jurisdiction in the United States.


Book Review: Mastering Windows Network Forensics And Investigation, 2/E, John C. Ebert Jan 2012

Journal of Digital Forensics, Security and Law

The book is available as a paperback and e-book. The e-book versions allow you to preview several chapters at any of a number of online vendors. The e-book prices vary from the same as the soft cover version ($59.99) to about $38.99. Some of the vendor's e-books retain the color illustrations found in the print version, but others produce them in grey scale, so you might want to look out for that. The book is divided into four parts (17 chapters) plus two appendices.

I am compelled to give the book illustrations a highly unfavorable assessment regarding their readability qualities. …


Technology Corner: A Regular Expression Training App, Nick V. Flor Jan 2012

Journal of Digital Forensics, Security and Law

Regular expressions enable digital forensic analysts to find information in files. The best way for an analyst to become proficient in writing regular expressions is to practice. This paper presents the code for an app that allows an analyst to practice writing regular expressions.


Table Of Contents Jan 2012

Journal of Digital Forensics, Security and Law

No abstract provided.


DNS In Computer Forensics, Neil F. Wright Jan 2012

Journal of Digital Forensics, Security and Law

The Domain Name Service (DNS) is a critical core component of the global Internet and integral to the majority of corporate intranets. It provides resolution services between the human-readable name-based system addresses and the machine operable Internet Protocol (IP) based addresses required for creating network level connections. Whilst structured as a globally dispersed resilient tree data structure, from the Global and Country Code Top Level Domains (gTLD/ccTLD) down to the individual site and system leaf nodes, it is highly resilient although vulnerable to various attacks, exploits and systematic failures.


Digital Evidence Education In Schools Of Law, Aaron Alva, Barbara Endicott-Popovsky Jan 2012

Journal of Digital Forensics, Security and Law

An examination of State of Connecticut v. Julie Amero provides insight into how a general lack of understanding of digital evidence can cause an innocent defendant to be wrongfully convicted. By contrast, the 101-page opinion in Lorraine v. Markel American Insurance Co. provides legal precedence and a detailed consideration for the admission of digital evidence. An analysis of both cases leads the authors to recommend additions to Law School curricula designed to raise the awareness of the legal community to ensure such travesties of justice, as in the Amero case, don’t occur in the future. Work underway at the University …


Identifying Trace Evidence From Target-Specific Data Wiping Application Software, Gregory H. Carlton, Gary C. Kessler Jan 2012

Journal of Digital Forensics, Security and Law

One area of particular concern for computer forensics examiners involves situations in which someone utilized software applications to destroy evidence. There are products available in the marketplace that are relatively inexpensive and advertised as being able to destroy targeted portions of data stored within a computer system. This study was undertaken to analyze a subset of these tools in order to identify trace evidence, if any, left behind on disk media after executing these applications. We evaluated five Windows 7 compatible software products whose advertised features include the ability for users to wipe targeted files, folders, or evidence of selected …


Forensic Evidence Identification And Modeling For Attacks Against A Simulated Online Business Information System, Manghui Tu, Dianxiang Xu, Eugene Butler, Amanda Schwartz Jan 2012

Journal of Digital Forensics, Security and Law

Forensic readiness of business information systems can support future forensics investigation or auditing on external/internal attacks, internal sabotage and espionage, and business fraud. To establish forensics readiness, it is essential for an organization to identify which fingerprints are relevant and where they can be located, to determine whether they are logged in a forensically sound way and whether all the needed fingerprints are available to reconstruct the events successfully. Also, a fingerprint identification and locating mechanism should be provided to guide potential forensics investigation in the future. Furthermore, mechanisms should be established to automate the security incident tracking and reconstruction …


iOS Mobile Device Forensics: Initial Analysis, Rita M. Barrios, Michael R. Lehrfeld May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

The ability to recover forensic artifacts from mobile devices is proving to be an ever-increasing challenge for investigators. Coupling this with the ubiquity of mobile devices and the increasing complexity and processing power they contain results in a reliance on them by suspects. In investigating Apple’s iOS devices -- namely the iPhone and iPad -- an investigator’s challenges are increased due to the closed nature of the platforms. What is left is an extremely powerful and complex mobile tool that is inexpensive, small, and can be used in suspect activities. Little is known about the internal data structures of the …


Forensic Analysis Of Smartphones: The Android Data Extractor Lite (ADEL), Felix Freiling, Michael Spreitzenbarth, Sven Schmitt May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

Due to the ubiquitous use of smartphones, these devices become an increasingly important source of digital evidence in forensic investigations. Thus, the recovery of digital traces from smartphones often plays an essential role for the examination and clarification of the facts in a case. Although some tools already exist regarding the examination of smartphone data, there is still a strong demand to develop further methods and tools for forensic extraction and analysis of data that is stored on smartphones. In this paper we describe specifications of smartphones running Android. We further introduce a newly developed tool – called ADEL – …


Survey On Cloud Forensics And Critical Criteria For Cloud Forensic Capability: A Preliminary Analysis, Keyun Ruan, Ibrahim Baggili, Joe Carthy, Tahar Kechadi May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

In this paper we present the current results and analysis of the survey “Cloud forensics and critical criteria for cloud forensic capability” carried out towards digital forensic experts and practitioners. This survey was created in order to gain a better understanding on some of the key questions of the new field - cloud forensics - before further research and development. We aim to understand concepts such as its definition, the most challenging issues, most valuable research directions, and the critical criteria for cloud forensic capability.

Keywords: Cloud Forensics, Cloud Computing, Digital Forensics, Survey, Cloud Forensic Capability


Kindle Forensics: Acquisition & Analysis, Peter Hannay May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

The Amazon Kindle eBook reader supports a wide range of capabilities beyond reading books. This functionality includes an inbuilt cellular data connection known as Whispernet. The Kindle provides web browsing, an application framework, eBook delivery and other services over this connection. The historic data left by user interaction with this device may be of forensic interest. Analysis of the Amazon Kindle device has resulted in a method to reliably extract and interpret data from these devices in a forensically complete manner.

Keywords: forensics, digital forensics, kindle, mobile, embedded, ebook, ereader


AACSB‐Accredited Schools’ Adoption Of Information Security Curriculum, Linda Lau, Cheryl Davis May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

The need to professionally and successfully conduct computer forensic investigations of incidents has never been greater. This has launched an increasing demand for a skilled computer security workforce (Locasto, et al., 2011). This paper examines the extent to which AACSB-accredited universities located in Virginia, Maryland and Washington, D.C. are working towards providing courses that will meet this demand. The authors conduct an online research of the information security courses and programs offered by the 27 AACSB-accredited business schools in the selected area.

The preliminary investigation revealed that eight of the 27 participating universities did not offer any courses in cybersecurity, …


Digital Forensics Investigation In A Collegiate Environment, Robert E. Johnston May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

Creating, building, managing a cost effective digital forensics lab including a team of qualified examiners can be a challenge for colleges [1] with multiple campuses in multiple towns, counties and states. Leaving such examination responsibilities to each of the campuses results in not only disparity in the results but more than likely excessive duplication of efforts as well as the potential for compromise of evidence. Centralizing the forensic efforts results in a team that is not subject to the political pressures of a campus and virtually eliminates the possibility of examiner favoritism. Learn what it takes to create a cost …


Backtrack In The Outback - A Preliminary Report On Cyber Security Evaluation Of Organisations In Western Australia, Craig Valli, Andrew Woodward, Peter Hannay May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

The authors were involved in extensive vulnerability assessment and penetration testing of over 15 large organisations across various industry sectors in the Perth CBD. The actual live testing involved a team of five people for approximately a four week period, and was black box testing. The scanning consisted of running network and web vulnerability tools, and in a few cases, exploiting vulnerability to establish validity of the tools. The tools were run in aggressive mode with no attempt made to deceive or avoid detection by IDS/IPS or firewalls. The aim of the testing was to determine firstly whether these organisations …


Creating Realistic Corpora For Security And Forensic Education, Kam Woods, Christopher A. Lee, Simson Garfinkel, David Dittrich, Adam Russell, Kris Kearton May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

We present work on the design, implementation, distribution, and use of realistic forensic datasets to support digital forensics and security education. We describe in particular the “M57-Patents” scenario, a multi-modal corpus consisting of hard drive images, RAM images, network captures, and images from other devices typically found in forensics investigations such as USB drives and cellphones. Corpus creation has been performed as part of a scripted scenario; subsequently it is less “noisy” than real-world data but retains the complexity necessary to support a wide variety of forensic education activities. Realistic forensic corpora allow direct comparison of approaches and tools across …


Developing A Forensic Continuous Audit Model, Grover S. Kearns, Katherine J. Barker May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

Despite increased attention to internal controls and risk assessment, traditional audit approaches do not seem to be highly effective in uncovering the majority of frauds. Less than 20 percent of all occupational frauds are uncovered by auditors. Forensic accounting has recognized the need for automated approaches to fraud analysis yet research has not examined the benefits of forensic continuous auditing as a method to detect and deter corporate fraud. The purpose of this paper is to show how such an approach is possible. A model is presented that supports the acceptance of forensic continuous auditing by auditors and management as …


Development Of A Distributed Print‐Out Monitoring System For Efficient Forensic Investigation, Satoshi Kai, Tetsutaro Uehara May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

If information leakage occurs, an investigator is instructed to specify what documents were leaked and who leaked them. In the present work, a distributed print-out monitoring system—which consists of a virtual printer driver and print-out policy/log management servers—was developed. For easily matching the discovered (i.e., leaked) paper document with the print-out log, the virtual printer driver acquires full-text of printed-out documents by DDI hooking technique to check the content, transforms a spool file to a picture file and creates both a thumbnail and text log for forensic investigation afterwards. The log size is only about 0.04 times bigger than …


Mac OS X Forensics: Password Discovery, David Primeaux, Robert Dahlberg, Kamnab Keo, Stephen Larson, B. Pennell, K. Sherman May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

OS X provides a password-rich environment in which passwords protect OS X resources and perhaps many other resources accessed through OS X. Every password an investigator discovers in an OS X environment has the potential for use in discovering other such passwords, and any discovered passwords may also be useful in other aspects of an investigation, not directly related to the OS X environment. This research advises the use of multiple attack vectors in approaching the password problem in an OS X system, including the more generally applicable non-OS X-specific techniques such as social engineering or well-known password cracking techniques …


Software Piracy Forensics: Impact And Implications Of Post‐Piracy Modifications, Vinod Bhattathiripad, S. Santhosh Baboo May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

Piracy is potentially possible at any stage of the lifetime of the software. In a post-piracy situation, however, the growth of the respective versions of the software (both the original and pirated) is expected to be in different directions as a result of expectedly different implementation strategies. This paper shows how such post-piracy modifications are of special interest to a cyber crime expert investigating software piracy and suggests that the present software piracy forensic (or software copyright infringement investigation) approaches require amendments to take in such modifications. For this purpose, the paper also presents a format that is jargon-free, so …


Understanding Issues In Cloud Forensics: Two Hypothetical Case Studies, Josiah Dykstra, Alan T. Sherman May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

The inevitable vulnerabilities and criminal targeting of cloud environments demand an understanding of how digital forensic investigations of the cloud can be accomplished. We present two hypothetical case studies of cloud crimes; child pornography being hosted in the cloud, and a compromised cloud-based website. Our cases highlight shortcomings of current forensic practices and laws. We describe significant challenges with cloud forensics, including forensic acquisition, evidence preservation and chain of custody, and open problems for continued research.

Keywords: Cloud computing, cloud forensics, digital forensics, case studies


A Practitioners Guide To The Forensic Investigation Of Xbox 360 Gaming Consoles, Ashley L. Podhradsky, Rob D’Ovidio, Cindy Casey May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

Given the ubiquitous nature of computing, individuals now have nearly 24-7 access to the internet. People are not just going online through traditional means with a PC anymore, they are now frequently using nontraditional devices such as cell phones, smart phones, and gaming consoles. Given the increased use of gaming consoles for online access, there is also an increased use of gaming consoles to commit criminal activity. The digital forensic community has been tasked with creating new approaches for forensically analyzing gaming consoles. In this research paper the authors demonstrate different tools, both commercial and open source, available to forensically …


Sampling: Making Electronic Discovery More Cost Effective, Milton Luoma, Vicki Luoma May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

With the huge volumes of electronic data subject to discovery in virtually every instance of litigation, time and costs of conducting discovery have become exceedingly important when litigants plan their discovery strategies. Rather than incurring the costs of having lawyers review every document produced in response to a discovery request in search of relevant evidence, a cost effective strategy for document review planning is to use statistical sampling of the database of documents to determine the likelihood of finding relevant evidence by reviewing additional documents. This paper reviews and discusses how sampling can be used to make document review more …


Digital Forensics And The Law, Karon N. Murff, Hugh E. Gardenier, Martha L. Gardenier May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

As computers and digital devices become more entrenched in our way of life, they become tools for both good and nefarious purposes. When the digital world collides with the legal world, a vast chasm is created. This paper will reflect how the legal community is failing to meet its obligation to provide adequate representation due to a lack of education about digital (computer) forensics. Whether in a civil litigation setting or a criminal setting, attorneys, prosecutors and judges have inadequate knowledge when it comes to the important questions they need to ask regarding digital evidence. Reliance on expert witnesses is …