Computer Engineering Commons^™

Ios Mobile Device Forensics: Initial Analysis, Rita M. Barrios, Michael R. Lehrfeld

Annual ADFSL Conference on Digital Forensics, Security and Law

The ability to recover forensic artifacts from mobile devices is proving to be an ever-increasing challenge for investigators. Coupling this with the ubiquity of mobile devices and the increasing complexity and processing power they contain results in a reliance on them by suspects. In investigating Apple’s iOS devices -- namely the iPhone and iPad -- an investigator’s challenges are increased due to the closed nature of the platforms. What is left is an extremely powerful and complex mobile tool that is inexpensive, small, and can be used in suspect activities. Little is known about the internal data structures of the …

Forensic Analysis Of Smartphones: The Android Data Extractor Lite (Adel), Felix Freiling, Michael Spreitzenbarth, Sven Schmitt

Annual ADFSL Conference on Digital Forensics, Security and Law

Due to the ubiquitous use of smartphones, these devices become an increasingly important source of digital evidence in forensic investigations. Thus, the recovery of digital traces from smartphones often plays an essential role for the examination and clarification of the facts in a case. Although some tools already exist regarding the examination of smartphone data, there is still a strong demand to develop further methods and tools for forensic extraction and analysis of data that is stored on smartphones. In this paper we describe specifications of smartphones running Android. We further introduce a newly developed tool – called ADEL – …

Survey On Cloud Forensics And Critical Criteria For Cloud Forensic Capability: A Preliminary Analysis, Keyun Ruan, Ibrahim Baggili, Joe Carthy, Tahar Kechadi

Annual ADFSL Conference on Digital Forensics, Security and Law

In this paper we present the current results and analysis of the survey “Cloud forensics and critical criteria for cloud forensic capability” carried out towards digital forensic experts and practitioners. This survey was created in order to gain a better understanding on some of the key questions of the new field - cloud forensics - before further research and development. We aim to understand concepts such as its definition, the most challenging issues, most valuable research directions, and the critical criteria for cloud forensic capability.

Keywords: Cloud Forensics, Cloud Computing, Digital Forensics, Survey, Cloud Forensic Capability

Kindle Forensics: Acquisition & Analysis, Peter Hannay

Annual ADFSL Conference on Digital Forensics, Security and Law

The Amazon Kindle eBook reader supports a wide range of capabilities beyond reading books. This functionality includes an inbuilt cellular data connection known as Whispernet. The Kindle provides web browsing, an application framework, eBook delivery and other services over this connection. The historic data left by user interaction with this device may be of forensic interest. Analysis of the Amazon Kindle device has resulted in a method to reliably extract and interpret data from these devices in a forensically complete manner.

Keywords: forensics, digital forensics, kindle, mobile, embedded, ebook, ereader

Aacsb‐Accredited Schools’ Adoption Of Information Security Curriculum, Linda Lau, Cheryl Davis

Annual ADFSL Conference on Digital Forensics, Security and Law

The need to professionally and successfully conduct computer forensic investigations of incidents has never been greater. This has launched an increasing demand for a skilled computer security workforce (Locasto, et al., 2011). This paper examines the extent to which AACSB-accredited universities located in Virginia, Maryland and Washington, D.C. are working towards providing courses that will meet this demand. The authors conduct an online research of the information security courses and programs offered by the 27 AACSB-accredited business schools in the selected area.

The preliminary investigation revealed that eight of the 27 participating universities did not offer any courses in cybersecurity, …

Digital Forensics Investigation In A Collegiate Environment, Robert E. Johnston

Annual ADFSL Conference on Digital Forensics, Security and Law

Creating, building, managing a cost effective digital forensics lab including a team of qualified examiners can be a challenge for colleges [1] with multiple campuses in multiple towns, counties and states. Leaving such examination responsibilities to each of the campuses results in not only disparity in the results but more than likely excessive duplication of efforts as well as the potential for compromise of evidence. Centralizing the forensic efforts results in a team that is not subject to the political pressures of a campus and virtually eliminates the possibility of examiner favoritism. Learn what it takes to create a cost …

Backtrack In The Outback - A Preliminary Report On Cyber Security Evaluation Of Organisations In Western Australia, Craig Valli, Andrew Woodward, Peter Hannay

Annual ADFSL Conference on Digital Forensics, Security and Law

The authors were involved in extensive vulnerability assessment and penetration testing of over 15 large organisations across various industry sectors in the Perth CBD. The actual live testing involved a team of five people for approximately a four week period, and was black box testing. The scanning consisted of running network and web vulnerability tools, and in a few cases, exploiting vulnerability to establish validity of the tools. The tools were run in aggressive mode with no attempt made to deceive or avoid detection by IDS/IPS or firewalls. The aim of the testing was to determine firstly whether these organisations …

Creating Realistic Corpora For Security And Forensic Education, Kam Woods, Christopher A. Lee, Simson Garfinkel, David Dittrich, Adam Russell, Kris Kearton

Annual ADFSL Conference on Digital Forensics, Security and Law

We present work on the design, implementation, distribution, and use of realistic forensic datasets to support digital forensics and security education. We describe in particular the “M57-Patents” scenario, a multi-modal corpus consisting of hard drive images, RAM images, network captures, and images from other devices typically found in forensics investigations such as USB drives and cellphones. Corpus creation has been performed as part of a scripted scenario; subsequently it is less “noisy” than real-world data but retains the complexity necessary to support a wide variety of forensic education activities. Realistic forensic corpora allow direct comparison of approaches and tools across …

Developing A Forensic Continuous Audit Model, Grover S. Kearns, Katherine J. Barker

Annual ADFSL Conference on Digital Forensics, Security and Law

Despite increased attention to internal controls and risk assessment, traditional audit approaches do not seem to be highly effective in uncovering the majority of frauds. Less than 20 percent of all occupational frauds are uncovered by auditors. Forensic accounting has recognized the need for automated approaches to fraud analysis yet research has not examined the benefits of forensic continuous auditing as a method to detect and deter corporate fraud. The purpose of this paper is to show how such an approach is possible. A model is presented that supports the acceptance of forensic continuous auditing by auditors and management as …

Development Of A Distributed Print‐Out Monitoring System For Efficient Forensic Investigation, Satoshi Kai, Tetsutaro Uehara

Annual ADFSL Conference on Digital Forensics, Security and Law

If information leakage occurs, an investigator is instructed to specify what documents were leaked and who leaked them. In the present work, a distributed print-out monitoring system—which consists of a virtual printer driver and print-out policy/log management servers—was developed. For easily matching the discovered (i.e., leaked) paper document with the print-out log, the virtual printer driver acquires full-text of printed-out documents by DDI hooking technique to check the content, transforms a spool file to a picture file and creates both a thumbnail and text log for forensic investigation afterwards. The log size is as only about 0.04 times bigger than …

Mac Os X Forensics: Password Discovery, David Primeaux, Robert Dahlberg, Kamnab Keo, Stephen Larson, B. Pennell, K. Sherman

Annual ADFSL Conference on Digital Forensics, Security and Law

OS X provides a password-rich environment in which passwords protect OS X resources and perhaps many other resources accessed through OS X. Every password an investigator discovers in an OS X environment has the potential for use in discovering other such passwords, and any discovered passwords may also be useful in other aspects of an investigation, not directly related to the OS X environment. This research advises the use of multiple attack vectors in approaching the password problem in an OS X system, including the more generally applicable non-OS X-specific techniques such as social engineering or well-known password cracking techniques …

Software Piracy Forensics: Impact And Implications Of Post‐Piracy Modifications, Vinod Bhattathiripad, S. Santhosh Baboo

Annual ADFSL Conference on Digital Forensics, Security and Law

Piracy is potentially possible at any stage of the lifetime of the software. In a post-piracy situation, however, the growth of the respective versions of the software (both the original and pirated) is expected to be in different directions as a result of expectedly different implementation strategies. This paper shows how such post-piracy modifications are of special interest to a cyber crime expert investigating software piracy and suggests that the present software piracy forensic (or software copyright infringement investigation) approaches require amendments to take in such modifications. For this purpose, the paper also presents a format that is jargon-free, so …

Understanding Issues In Cloud Forensics: Two Hypothetical Case Studies, Josiah Dykstra, Alan T. Sherman

Annual ADFSL Conference on Digital Forensics, Security and Law

The inevitable vulnerabilities and criminal targeting of cloud environments demand an understanding of how digital forensic investigations of the cloud can be accomplished. We present two hypothetical case studies of cloud crimes; child pornography being hosted in the cloud, and a compromised cloudbased website. Our cases highlight shortcomings of current forensic practices and laws. We describe significant challenges with cloud forensics, including forensic acquisition, evidence preservation and chain of custody, and open problems for continued research.

Keywords: Cloud computing, cloud forensics, digital forensics, case studies

A Practitioners Guide To The Forensic Investigation Of Xbox 360 Gaming Consoles, Ashley L. Podhradsky, Rob D’Ovidio, Cindy Casey

Annual ADFSL Conference on Digital Forensics, Security and Law

Given the ubiquitous nature of computing, individuals now have nearly 24-7 access to the internet. People are not just going online through traditional means with a PC anymore, they are now frequently using nontraditional devices such as cell phones, smart phones, and gaming consoles. Given the increased use of gaming consoles for online access, there is also an increased use of gaming consoles to commit criminal activity. The digital forensic community has been tasked with creating new approaches for forensically analyzing gaming consoles. In this research paper the authors demonstrate different tools, both commercial and open source, available to forensically …

Sampling: Making Electronic Discovery More Cost Effective, Milton Luoma, Vicki Luoma

Annual ADFSL Conference on Digital Forensics, Security and Law

With the huge volumes of electronic data subject to discovery in virtually every instance of litigation, time and costs of conducting discovery have become exceedingly important when litigants plan their discovery strategies. Rather than incurring the costs of having lawyers review every document produced in response to a discovery request in search of relevant evidence, a cost effective strategy for document review planning is to use statistical sampling of the database of documents to determine the likelihood of finding relevant evidence by reviewing additional documents. This paper reviews and discusses how sampling can be used to make document review more …

Digital Forensics And The Law, Karon N. Murff, Hugh E. Gardenier, Martha L. Gardenier

Annual ADFSL Conference on Digital Forensics, Security and Law

As computers and digital devices become more entrenched in our way of life, they become tools for both good and nefarious purposes. When the digital world collides with the legal world, a vast chasm is created. This paper will reflect how the legal community is failing to meet its obligation to provide adequate representation due to a lack of education about digital (computer) forensics. Whether in a civil litigation setting or a criminal setting, attorneys, prosecutors and judges have inadequate knowledge when it comes to the important questions they need to ask regarding digital evidence. Reliance on expert witnesses is …

Extraction Of Electronic Evidence From Voip: Forensic Analysis Of A Virtual Hard Disk Vs Ram, David Irwin, Jill Slay, Arek Dadej, Malcolm Shore

Journal of Digital Forensics, Security and Law

The popularity of Voice over the Internet Protocol (VoIP) is increasing as the cost savings and ease of use is realised by a wide range of home and corporate users. However, the technology is also attractive to criminals. This is because VoIP is a global telephony service, in which it is difficult to verify the user’s identification. The security of placing such calls may also be appealing to criminals, as many implementations use strong encryption to secure both the voice payload as well as to control messages making monitoring such VoIP calls difficult since conventional methods such as wire-tapping is …

Book Review: Ios Forensic Analysis: For Iphone, Ipad And Ipod Touch, Christopher Schulte

Journal of Digital Forensics, Security and Law

As Digital Forensics practitioners, we know that our discipline is constantly evolving. Keeping abreast means we need to continually refine and broaden our knowledge pools through experience, education, research, peer exchange, and more. Mobile device forensics can be especially dynamic and challenging. With multiple standards in place at the hardware, operating system, and user interface levels, it can be daunting to preserve, analyze, search and report on these tiny yet ubiquitous hand-held computers. Apple Computer’s line of mobile products (iOS devices - iPhone, iPad, iPod Touch) is no exception to this rule.

Sampling: Making Electronic Discovery More Cost Effective, Milton Luoma, Vicki Luoma

Journal of Digital Forensics, Security and Law

With the huge volumes of electronic data subject to discovery in virtually every instance of litigation, time and costs of conducting discovery have become exceedingly important when litigants plan their discovery strategies. Rather than incurring the costs of having lawyers review every document produced in response to a discovery request in search of relevant evidence, a cost effective strategy for document review planning is to use statistical sampling of the database of documents to determine the likelihood of finding relevant evidence by reviewing additional documents. This paper reviews and discusses how sampling can be used to make document review more …

Column: Every Last Byte, Simson Garfinkel

Journal of Digital Forensics, Security and Law

Inheritance powder is the name that was given to poisons, especially arsenic, that were commonly used in the 17th and early 18th centuries to hasten the death of the elderly. For most of the 17th century, arsenic was deadly but undetectable, making it nearly impossible to prove that someone had been poisoned. The first arsenic test produced a gas—hardly something that a scientist could show to a judge. Faced with a growing epidemic of poisonings, doctors and chemists spent decades searching for something better

A Case Study In Forensic Analysis Of Control, Fred Cohen

Journal of Digital Forensics, Security and Law

This paper describes a case study in which a method for forensic analysis of control was applied to resolve probative technical issues in a legal action. It describes one instance in which the analysis was successfully applied without challenge, addresses the details of most of the different facets of the analysis method, and demonstrates how such analysis provides a systematic approach to using technical methods to address legal issues as a case study.

Judges’ Awareness, Understanding, And Application Of Digital Evidence, Gary C. Kessler

Journal of Digital Forensics, Security and Law

As digital evidence grows in both volume and importance in criminal and civil courts, judges need to fairly and justly evaluate the merits of the offered evidence. To do so, judges need a general understanding of the underlying technologies and applications from which digital evidence is derived. Due to the relative newness of the computer forensics field, there have been few studies on the use of digital forensic evidence and none about judges’ relationship with digital evidence. This paper describes a recent study, using grounded theory methods, into judges’ awareness, knowledge, and perceptions of digital evidence. This study is the …

Technology Corner: Analysing E-Mail Headers For Forensic Investigation, M. T. Banday

Journal of Digital Forensics, Security and Law

Electronic Mail (E-Mail), which is one of the most widely used applications of Internet, has become a global communication infrastructure service. However, security loopholes in it enable cybercriminals to misuse it by forging its headers or by sending it anonymously for illegitimate purposes, leading to e-mail forgeries. E-mail messages include transit handling envelope and trace information in the form of structured fields which are not stripped after messages are delivered, leaving a detailed record of e-mail transactions. A detailed header analysis can be used to map the networks traversed by messages, including information on the messaging software and patching policies …

Kindle Forensics: Acquisition & Analysis, Peter Hannay

Journal of Digital Forensics, Security and Law

The Amazon Kindle eBook reader supports a wide range of capabilities beyond reading books. This functionality includes an inbuilt cellular data connection known as Whispernet. The Kindle provides web browsing, an application framework, eBook delivery and other services over this connection. The historic data left by user interaction with this device may be of forensic interest. Analysis of the Amazon Kindle device has resulted in a method to reliably extract and interpret data from these devices in a forensically complete manner.

Column: The Consortium Of Digital Forensics Specialists (Cdfs), Christopher Kelly

Journal of Digital Forensics, Security and Law

Digital forensic practitioners are faced with an extraordinary opportunity. In fact, we may never again be faced with such an opportunity, and this opportunity will challenge us in ways we may never again be challenged. At this point in the history of the Digital Forensics profession, digital forensic specialists have the unique opportunity to help this profession emerge from its infancy. But for this profession to mature -- and to flourish -- individuals and organizations integral to the practice must assemble and shape its future. This is our opportunity. In fact, this is our mandate.

Developing A Forensic Continuous Audit Model, Grover S. Kearns, Katherine J. Barker, Stephen P. Danese

Journal of Digital Forensics, Security and Law

Despite increased attention to internal controls and risk assessment, traditional audit approaches do not seem to be highly effective in uncovering the majority of frauds. Less than 20 percent of all occupational frauds are uncovered by auditors. Forensic accounting has recognized the need for automated approaches to fraud analysis yet research has not examined the benefits of forensic continuous auditing as a method to detect and deter corporate fraud. The purpose of this paper is to show how such an approach is possible. A model is presented that supports the acceptance of forensic continuous auditing by auditors and management as …

Column: The Physics Of Digital Information, Fred Cohen

Journal of Digital Forensics, Security and Law

No abstract provided.

Analysis Of Data Remaining On Second Hand Adsl Routers, Patryk Szewczyk

Journal of Digital Forensics, Security and Law

In theory, an ADSL router can provide an additional layer of security to a wired and wireless network through; access control, wireless encryption, firewall rule sets, and network event logging. An ADSL router may also contain the users’ usage habits and broadband account credentials. However, end-users may be unaware of the intricacies of the security measures available and the potentially confidential information stored on their device. As a result a second hand ADSL router may contain a wealth of user-specific information if not wiped and disposed of in a secure manner. This paper shows the data that was acquired from …

Exploring The Iphone Backup Made By Itunes, Mario Piccinelli, Paolo Gubian

Journal of Digital Forensics, Security and Law

Apple’s™ iPhone™ is one of the widest selling mobile on the market, thanks to its simple and user-friendly interface and ever growing pool of available high quality applications for both personal and business use. The increasing use of the iPhone leads forensics practitioners towards the need for tools to access and analyze the information stored in the device. This research aims at describing the process to forensically analyze a logical backup of an iPhone made by the Apple iTunes™ utility, understanding the backup’s structure, and creating a simple tool to automate the process of decoding and analyzing the data. In …

Book Review: Online Privacy: Issues In The Digital Age, Darlene M. Tester

Journal of Digital Forensics, Security and Law

This book is one of a series of books Currie has written about online areas of concern. This is the sixth book in the series. The purpose of the book is to act as a primer for people in the IT field who may need a point of reference for Internet issues such as gaming, security and privacy. The book takes a high level look at the complexities of privacy online from social networking to hackers and provides insight into what the most pressing issues of privacy are online today.