Open Access. Powered by Scholars. Published by Universities.®

Computer Engineering Commons

Computer Sciences

Annual ADFSL Conference on Digital Forensics, Security and Law

2011

Articles 1 - 16 of 16

Full-Text Articles in Computer Engineering

iOS Mobile Device Forensics: Initial Analysis, Rita M. Barrios, Michael R. Lehrfeld May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

The ability to recover forensic artifacts from mobile devices is proving to be an ever-increasing challenge for investigators. Coupling this with the ubiquity of mobile devices and the increasing complexity and processing power they contain results in a reliance on them by suspects. In investigating Apple’s iOS devices -- namely the iPhone and iPad -- an investigator’s challenges are increased due to the closed nature of the platforms. What is left is an extremely powerful and complex mobile tool that is inexpensive, small, and can be used in suspect activities. Little is known about the internal data structures of the …


Forensic Analysis Of Smartphones: The Android Data Extractor Lite (ADEL), Felix Freiling, Michael Spreitzenbarth, Sven Schmitt May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

Due to the ubiquitous use of smartphones, these devices become an increasingly important source of digital evidence in forensic investigations. Thus, the recovery of digital traces from smartphones often plays an essential role for the examination and clarification of the facts in a case. Although some tools already exist regarding the examination of smartphone data, there is still a strong demand to develop further methods and tools for forensic extraction and analysis of data that is stored on smartphones. In this paper we describe specifications of smartphones running Android. We further introduce a newly developed tool – called ADEL – …


Survey On Cloud Forensics And Critical Criteria For Cloud Forensic Capability: A Preliminary Analysis, Keyun Ruan, Ibrahim Baggili, Joe Carthy, Tahar Kechadi May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

In this paper we present the current results and analysis of the survey “Cloud forensics and critical criteria for cloud forensic capability” carried out towards digital forensic experts and practitioners. This survey was created in order to gain a better understanding on some of the key questions of the new field - cloud forensics - before further research and development. We aim to understand concepts such as its definition, the most challenging issues, most valuable research directions, and the critical criteria for cloud forensic capability.

Keywords: Cloud Forensics, Cloud Computing, Digital Forensics, Survey, Cloud Forensic Capability


Kindle Forensics: Acquisition & Analysis, Peter Hannay May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

The Amazon Kindle eBook reader supports a wide range of capabilities beyond reading books. This functionality includes an inbuilt cellular data connection known as Whispernet. The Kindle provides web browsing, an application framework, eBook delivery and other services over this connection. The historic data left by user interaction with this device may be of forensic interest. Analysis of the Amazon Kindle device has resulted in a method to reliably extract and interpret data from these devices in a forensically complete manner.

Keywords: forensics, digital forensics, kindle, mobile, embedded, ebook, ereader


AACSB‐Accredited Schools’ Adoption Of Information Security Curriculum, Linda Lau, Cheryl Davis May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

The need to professionally and successfully conduct computer forensic investigations of incidents has never been greater. This has launched an increasing demand for a skilled computer security workforce (Locasto, et al., 2011). This paper examines the extent to which AACSB-accredited universities located in Virginia, Maryland and Washington, D.C. are working towards providing courses that will meet this demand. The authors conduct an online research of the information security courses and programs offered by the 27 AACSB-accredited business schools in the selected area.

The preliminary investigation revealed that eight of the 27 participating universities did not offer any courses in cybersecurity, …


Digital Forensics Investigation In A Collegiate Environment, Robert E. Johnston May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

Creating, building, managing a cost effective digital forensics lab including a team of qualified examiners can be a challenge for colleges [1] with multiple campuses in multiple towns, counties and states. Leaving such examination responsibilities to each of the campuses results in not only disparity in the results but more than likely excessive duplication of efforts as well as the potential for compromise of evidence. Centralizing the forensic efforts results in a team that is not subject to the political pressures of a campus and virtually eliminates the possibility of examiner favoritism. Learn what it takes to create a cost …


Backtrack In The Outback - A Preliminary Report On Cyber Security Evaluation Of Organisations In Western Australia, Craig Valli, Andrew Woodward, Peter Hannay May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

The authors were involved in extensive vulnerability assessment and penetration testing of over 15 large organisations across various industry sectors in the Perth CBD. The actual live testing involved a team of five people for approximately a four week period, and was black box testing. The scanning consisted of running network and web vulnerability tools, and in a few cases, exploiting vulnerability to establish validity of the tools. The tools were run in aggressive mode with no attempt made to deceive or avoid detection by IDS/IPS or firewalls. The aim of the testing was to determine firstly whether these organisations …


Creating Realistic Corpora For Security And Forensic Education, Kam Woods, Christopher A. Lee, Simson Garfinkel, David Dittrich, Adam Russell, Kris Kearton May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

We present work on the design, implementation, distribution, and use of realistic forensic datasets to support digital forensics and security education. We describe in particular the “M57-Patents” scenario, a multi-modal corpus consisting of hard drive images, RAM images, network captures, and images from other devices typically found in forensics investigations such as USB drives and cellphones. Corpus creation has been performed as part of a scripted scenario; subsequently it is less “noisy” than real-world data but retains the complexity necessary to support a wide variety of forensic education activities. Realistic forensic corpora allow direct comparison of approaches and tools across …


Developing A Forensic Continuous Audit Model, Grover S. Kearns, Katherine J. Barker May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

Despite increased attention to internal controls and risk assessment, traditional audit approaches do not seem to be highly effective in uncovering the majority of frauds. Less than 20 percent of all occupational frauds are uncovered by auditors. Forensic accounting has recognized the need for automated approaches to fraud analysis yet research has not examined the benefits of forensic continuous auditing as a method to detect and deter corporate fraud. The purpose of this paper is to show how such an approach is possible. A model is presented that supports the acceptance of forensic continuous auditing by auditors and management as …


Development Of A Distributed Print‐Out Monitoring System For Efficient Forensic Investigation, Satoshi Kai, Tetsutaro Uehara May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

If information leakage occurs, an investigator is instructed to specify what documents were leaked and who leaked them. In the present work, a distributed print-out monitoring system—which consists of a virtual printer driver and print-out policy/log management servers—was developed. For easily matching the discovered (i.e., leaked) paper document with the print-out log, the virtual printer driver acquires full-text of printed-out documents by DDI hooking technique to check the content, transforms a spool file to a picture file and creates both a thumbnail and text log for forensic investigation afterwards. The log size is only about 0.04 times bigger than …


Mac OS X Forensics: Password Discovery, David Primeaux, Robert Dahlberg, Kamnab Keo, Stephen Larson, B. Pennell, K. Sherman May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

OS X provides a password-rich environment in which passwords protect OS X resources and perhaps many other resources accessed through OS X. Every password an investigator discovers in an OS X environment has the potential for use in discovering other such passwords, and any discovered passwords may also be useful in other aspects of an investigation, not directly related to the OS X environment. This research advises the use of multiple attack vectors in approaching the password problem in an OS X system, including the more generally applicable non-OS X-specific techniques such as social engineering or well-known password cracking techniques …


Software Piracy Forensics: Impact And Implications Of Post‐Piracy Modifications, Vinod Bhattathiripad, S. Santhosh Baboo May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

Piracy is potentially possible at any stage of the lifetime of the software. In a post-piracy situation, however, the growth of the respective versions of the software (both the original and pirated) is expected to be in different directions as a result of expectedly different implementation strategies. This paper shows how such post-piracy modifications are of special interest to a cyber crime expert investigating software piracy and suggests that the present software piracy forensic (or software copyright infringement investigation) approaches require amendments to take in such modifications. For this purpose, the paper also presents a format that is jargon-free, so …


Understanding Issues In Cloud Forensics: Two Hypothetical Case Studies, Josiah Dykstra, Alan T. Sherman May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

The inevitable vulnerabilities and criminal targeting of cloud environments demand an understanding of how digital forensic investigations of the cloud can be accomplished. We present two hypothetical case studies of cloud crimes: child pornography being hosted in the cloud, and a compromised cloud-based website. Our cases highlight shortcomings of current forensic practices and laws. We describe significant challenges with cloud forensics, including forensic acquisition, evidence preservation and chain of custody, and open problems for continued research.

Keywords: Cloud computing, cloud forensics, digital forensics, case studies


A Practitioners Guide To The Forensic Investigation Of Xbox 360 Gaming Consoles, Ashley L. Podhradsky, Rob D’Ovidio, Cindy Casey May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

Given the ubiquitous nature of computing, individuals now have nearly 24-7 access to the internet. People are not just going online through traditional means with a PC anymore, they are now frequently using nontraditional devices such as cell phones, smart phones, and gaming consoles. Given the increased use of gaming consoles for online access, there is also an increased use of gaming consoles to commit criminal activity. The digital forensic community has been tasked with creating new approaches for forensically analyzing gaming consoles. In this research paper the authors demonstrate different tools, both commercial and open source, available to forensically …


Sampling: Making Electronic Discovery More Cost Effective, Milton Luoma, Vicki Luoma May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

With the huge volumes of electronic data subject to discovery in virtually every instance of litigation, time and costs of conducting discovery have become exceedingly important when litigants plan their discovery strategies. Rather than incurring the costs of having lawyers review every document produced in response to a discovery request in search of relevant evidence, a cost effective strategy for document review planning is to use statistical sampling of the database of documents to determine the likelihood of finding relevant evidence by reviewing additional documents. This paper reviews and discusses how sampling can be used to make document review more …


Digital Forensics And The Law, Karon N. Murff, Hugh E. Gardenier, Martha L. Gardenier May 2011

Annual ADFSL Conference on Digital Forensics, Security and Law

As computers and digital devices become more entrenched in our way of life, they become tools for both good and nefarious purposes. When the digital world collides with the legal world, a vast chasm is created. This paper will reflect how the legal community is failing to meet its obligation to provide adequate representation due to a lack of education about digital (computer) forensics. Whether in a civil litigation setting or a criminal setting, attorneys, prosecutors and judges have inadequate knowledge when it comes to the important questions they need to ask regarding digital evidence. Reliance on expert witnesses is …