Computer Engineering Commons^™

S.H.O.T. Db (Statistics Help Officer Tactics) – Officer-Involved Shootings Database, Hasan Arslan

Cornerstone 3 Reports : Interdisciplinary Informatics

No abstract provided.

Money Laundering Detection Framework To Link The Disparate And Evolving Schemes, Murad Mehmet, Duminda Wijesekera, Miguel F. Buchholtz

Journal of Digital Forensics, Security and Law

Money launderers hide traces of their transactions with the involvement of entities that participate in sophisticated schemes. Money laundering detection requires unraveling concealed connections among multiple but seemingly unrelated human money laundering networks, ties among actors of those schemes, and amounts of funds transferred among those entities. The link among small networks, either financial or social, is the primary factor that facilitates money laundering. Hence, the analysis of relations among money laundering networks is required to present the full structure of complex schemes. We propose a framework that uses sequence matching, case-based analysis, social network analysis, and complex event processing …

The Taxation Of Cloud Computing And Digital Content, David Shakow

All Faculty Scholarship

“Cloud computing” raises important and difficult questions in state tax law, and for Federal taxes, particularly in the foreign tax area. As cloud computing solutions are adopted by businesses, items we view as tangible are transformed into digital products. In this article, I will describe the problems cloud computing poses for tax systems. I will show how current law is applied to cloud computing and will identify the difficulties current approaches face as they are applied to this developing technology.

My primary interest is how Federal tax law applies to cloud computing, particularly as the new technology affects international transactions. …

A Forensic Study Of The Effectiveness Of Selected Anti-Virus Products Against Ssdt Hooking Rootkits, Sami Al-Shaheri, Dale Lindskog, Pavol Zavarsky, Ron Ruhl

Annual ADFSL Conference on Digital Forensics, Security and Law

For Microsoft Windows Operating Systems, both anti-virus products and kernel rootkits often hook the System Service Dispatch Table (SSDT). This research paper investigates the interaction between these two in terms of the SSDT. To investigate these matters, we extracted digital evidence from volatile memory, and studied that evidence using the Volatility framework. Due to the diversity in detection techniques used by the anti-virus products, and the diversity of infection techniques used by rootkits, our investigation produced diverse results, results that helped us to understand several SSDT hooking strategies, and the interaction between the selected anti-virus products and the rootkit samples. …

An Ontology-Based Forensic Analysis Tool, Mohammed Alzaabi, Andy Jones, Thomas A. Martin

Annual ADFSL Conference on Digital Forensics, Security and Law

The analysis of forensic investigation results has generally been identified as the most complex phase of a digital forensic investigation. This phase becomes more complicated and time consuming as the storage capacity of digital devices is increasing, while at the same time the prices of those devices are decreasing. Although there are some tools and techniques that assist the investigator in the analysis of digital evidence, they do not adequately address some of the serious challenges, particularly with the time and effort required to conduct such tasks. In this paper, we consider the use of semantic web technologies and in …

First Glance: An Introductory Analysis Of Network Forensics Of Tor, Raymond Hansen

Annual ADFSL Conference on Digital Forensics, Security and Law

The Tor network is a low-latency overlay network for TCP flows that is designed to provide privacy and anonymity to its users. It is currently in use by many as a means to avoid censorship of both information to be shared and information to be retrieved. This paper details the architecture of the Tor network as a platform for evaluating the current state of forensic analysis of the Tor network. Specific attempts to block access to the Tor network are examined to identify (a) the processes utilized to identify Tor nodes, and (b) the resulting exposure of potentially inculpatory evidence. …

A Thematic Review Of User Compliance With Information Security Policies Literature, David Sikolia

Annual ADFSL Conference on Digital Forensics, Security and Law

The adoption of computer and internet technology has greatly improved the way businesses operate. However the risk to the confidentiality, integrity and availability of organizational data and systems has greatly increased too. Information security is an ever present concern for all organizations. Financial estimates of the impact of security breaches to information and technology resources range from hundreds of billions to over one trillion dollars each year worldwide (D'Arcy et al., 2011b). Organizations have therefore developed a combination of technical, administrative, and physical controls to reduce this risk (D'Arcy et al., 2011a). Administrative measures include the development of information security …

Journey Into Windows 8 Recovery Artifacts, W. K. Johnson

Annual ADFSL Conference on Digital Forensics, Security and Law

One of the most difficult processes of digital forensics is to understand how new technology interacts with current technology and how digital forensic analysts can utilize current Digital Forensics technologies and processes to recover and find information hidden. Microsoft has released their new operating system Windows 8, with this new release Microsoft has added some features to the operating system that will present some interesting complications to digital forensics. Since the initial release of the Windows 8 Release Candidates there have been some research released that focus primarily on the new user created artifacts and a few artifacts that have …

An Image Forensic Scheme With Robust And Fragile Watermarking For Business Documents, Sai Ho Kwok

Annual ADFSL Conference on Digital Forensics, Security and Law

This paper proposes an image forensic scheme with both robust and fragile watermarking techniques for business documents. Through a dual watermarking approach, the proposed scheme can achieve image forensics objectives of (a) identification of source; (b) authentication of documents; and (c) locating the tempered areas of documents due to attacks. An example is presented to prove the concepts of the proposed scheme.

Keywords: Image Forensics, Fragile and Robust Watermarking, Business Document.

Significance Of Semantic Reconciliation In Digital Forensics, Nickson M. Karie, H. S. Venter

Annual ADFSL Conference on Digital Forensics, Security and Law

Digital forensics (DF) is a growing field that is gaining popularity among many computer professionals, law enforcement agencies and other stakeholders who must always cooperate in this profession. Unfortunately, this has created an environment replete with semantic disparities within the domain that needs to be resolved and/or eliminated. For the purpose of this study, semantic disparity refers to disagreements about the meaning, interpretation, descriptions and the intended use of the same or related data and terminologies. If semantic disparity is not detected and resolved, it may lead to misunderstandings. Even worse, since the people involved may not be from the …

System-Generated Digital Forensic Evidence In Graphic Design Applications, Enos Mabuto, Hein Venter

Annual ADFSL Conference on Digital Forensics, Security and Law

Graphic design applications are often used for the editing and design of digital art. The same applications can be used for creating counterfeit documents such as identity documents (IDs), driver’s licences, passports, etc. However, the use of any graphic design application leaves behind traces of digital information that can be used during a digital forensic investigation. Current digital forensic tools examine a system to find digital evidence, but they do not examine a system specifically for the creating of counterfeit documents created through the use of graphic design applications. The paper in hand reviews the system-generated digital forensic evidence gathered …

Money Laundering Detection Framework To Link The Disparate And Evolving Schemes, Murad Mehmet, Duminda Wijesekera, Miguel F. Buchholtz

Annual ADFSL Conference on Digital Forensics, Security and Law

Money launderers hide traces of their transactions with the involvement of entities that participate in sophisticated schemes. Money laundering detection requires unraveling concealed connections among multiple but seemingly unrelated human money laundering networks, ties among actors of those schemes, and amounts of funds transferred among those entities. The link among small networks, either financial or social, is the primary factor that facilitates money laundering. Hence, the analysis of relations among money laundering networks is required to present the full structure of complex schemes. We propose a framework that uses sequence matching, case-based analysis, social network analysis, and complex event processing …

Identifying Peer-To-Peer Traffic On Shared Wireless Networks, Simon Piel, Ej Jung

Annual ADFSL Conference on Digital Forensics, Security and Law

Tracing contraband downloads leads investigators to an IP address, and in turn Internet Service Providers (ISP) can provide a physical location using this IP address. However, most homes and offices share this IP address among many computers using wireless networks. In other words, there needs to be another investigation to find out which computer was responsible for contraband downloads. To make matters worse, these shared wireless networks often have vulnerabilities in access control such as using WEP or using weak passwords. In such cases, any computer in range, not necessarily at the given physical address, could be responsible. We use …

On Resolving The Cloud Forensics Conundrum, John Bagby

Annual ADFSL Conference on Digital Forensics, Security and Law

The “cloud” is idiom for an ill-defined set of online services. The cloud simultaneously offers IT savings and promises advances in functionality (e.g., ubiquity). However, the cloud also imposes poorly understood burdens on security and it may provoke injustice. Thus, the cloud presents a durable and seemingly irreconcilable conundrum for the digital forensics communit(ies). First, cloud proponents make efficiency promises for cloud services (SaaS, IaaS, PaaS). These translate well into the digital forensics domain. Indeed, the cloud may enable crowd sourcing of investigatory data vastly lowering costs of dispute resolution. For example, cloud-based litigation war rooms may reduce electronic discovery …

Cybercrime And Punishment: An Analysis Of The Deontological And Utilitarian Functions Of Punishment In The Information Age, Karim Jetha

Annual ADFSL Conference on Digital Forensics, Security and Law

This conceptual piece analyzes the role of criminal punishment and the nature of cyber crime to investigate whether the current punishment schemes are appropriate given the deontological and utilitarian goals of punishment: retribution, deterrence, incapacitation, and rehabilitation. The research has implications for policymaking in cybercriminal law.

Keywords: cybercrime, criminal law, punishment, retribution, deterrence, information economics

The Development Of Computer Forensic Legal System In China, Yonghao Mai, K. P. Chow, Rongsheng Xu, Gang Zhou, Fei Xu, Jun Zhang

Annual ADFSL Conference on Digital Forensics, Security and Law

The computer forensic discipline was established around 2000 in China, which was further developed along with Chinese judicial appraisal system in 2005. The new criminal and civil procedure laws of the People’s Republic of China was enacted on 1 Jan 2013. The new laws specified electronic data is legal evidence and has great impact on the current practice on handling electronic evidence. This paper introduces the electronic data and electronic evidence examination procedure in mainland China, the general concept of computer forensic legal system, the management of computer judicial experts, the management of computer judicial expertise institutions.

Keywords: China legal …

On High-Performance Parallel Decimal Fixed-Point Multiplier Designs, Ming Zhu

College of Engineering: Graduate Celebration Programs

Decimal computations are required in finance, and etc.

• Precise representation for decimals (E.g. 0.2, 0.7… )
• Performance Requirements (Software simulations are very slow)

Don't Panic: The Lawyer’S Guide To Making Your Own Mobile App, Jason Tubinis

Continuing Legal Education Presentations

Provides overview of steps used to create a personal mobile app.

Appapalooza: Valuable Legal And Productivity Apps For Your Smart Phone Or Tablet, Tj Striepe

Continuing Legal Education Presentations

Presents helpful tools and programs to make legal research and general office work more efficient and portable.

To Internet Or Not To Internet: Ethics Opinions On Internet Usage, Sharon Bradley

Continuing Legal Education Presentations

Considers the ethical implications of using email to communicate with clients, using cloud storage for legal files, and tracking people related to a case via the Internet . Highlights recent state bar ethics committee decisions.

Automating Vendor Fraud Detection In Enterprise Systems, Kishore Singh, Peter Best, Joseph Mula

Journal of Digital Forensics, Security and Law

Fraud is a multi-billion dollar industry that continues to grow annually. Many organizations are poorly prepared to prevent and detect fraud. Fraud detection strategies are intended to quickly and efficiently identify fraudulent activities that circumvent preventative measures. In this paper, we adopt a DesignScience methodological framework to develop a model for detection of vendor fraud based on analysis of patterns or signatures identified in enterprise system audit trails. The concept is demonstrated by developing prototype software. Verification of the prototype is achieved by performing a series of experiments. Validation is achieved by independent reviews from auditing practitioners. Key findings of …

Technology Corner Visualising Forensic Data: Evidence (Part 1), Damian Schofield, Ken Fowle

Journal of Digital Forensics, Security and Law

Visualisation is becoming increasingly important for understanding information, such as investigative data (for example: computing, medical and crime scene evidence) and analysis (for example: network capability assessment, data file reconstruction and planning scenarios). Investigative data visualisation is used to reconstruct a scene or item and is used to assist the viewer (who may well be a member of the general public with little or no understanding of the subject matter) to understand what is being presented. Analysis visualisations, on the other hand, are usually developed to review data, information and assess competing scenario hypotheses for those who usually have an …

A Simple Experiment With Microsoft Office 2010 And Windows 7 Utilizing Digital Forensic Methodology, Gregory H. Carlton

Journal of Digital Forensics, Security and Law

Digital forensic examiners are tasked with retrieving data from digital storage devices, and frequently these examiners are expected to explain the circumstances that led to the data being in its current state. Through written reports or verbal, expert testimony delivered in court, digital forensic examiners are expected to describe whether data have been altered, and if so, then to what extent have data been altered. Addressing these expectations results from opinions digital forensic examiners reach concerning their understanding of electronic storage and retrieval methods. The credibility of these opinions evolves from the scientific basis from which they are drawn using …

Information Security Challenge Of Qr Codes, Nik Thompson, Kevin Lee

Journal of Digital Forensics, Security and Law

The discipline of information security must adapt to new technologies and methods of interaction with those technologies. New technologies present both challenges and opportunities for the security professional, especially for areas such as digital forensics. Challenges can be in the form of new devices such as smartphones or new methods of sharing information, such as social networks. One such rapidly emerging interaction technology is the use of Quick Response (QR) codes. These offer a physical mechanism for quick access to Web sites for advertising and social interaction. This paper argues that the common implementation of QR codes potentially presents security …

Book Review: Placing The Suspect Behind The Keyboard: Using Digital Forensics And Investigative Techniques To Identify Cybercrime Suspects, Thomas Nash

Journal of Digital Forensics, Security and Law

In this must read for any aspiring novice cybercrime investigator as well as the seasoned professional computer guru alike, Brett Shaver takes the reader into the ever changing and dynamic world of Cybercrime investigation. Shaver, an experienced criminal investigator, lays out the details and intricacies of a computer related crime investigation in a clear and concise manner in his new easy to read publication, Placing the Suspect behind the Keyboard. Using Digital Forensics and Investigative techniques to Identify Cybercrime Suspects. Shaver takes the reader from start to finish through each step of the investigative process in well organized …

Technology Corner: Visualising Forensic Data: Evidence Guidelines (Part 2), Damian Schofield, Ken Fowle

Journal of Digital Forensics, Security and Law

Visualisation is becoming increasingly important for understanding information, such as investigative data (for example: computing, medical and crime scene evidence) and analysis (for example, network capability assessment, data file reconstruction and planning scenarios). Investigative data visualisation is used to reconstruct a scene or item and is used to assist the viewer (who may well be a member of the general public with little or no understanding of the subject matter) to understand what is being presented. Analysis visualisations, on the other hand, are usually developed to review data, information and assess competing scenario hypotheses for those who usually have an …

Risk Management Of Email And Internet Use In The Workplace, John Ruhnka, Windham E. Loopesko

Journal of Digital Forensics, Security and Law

The article surveys the changing risk environment for corporations from their employees’ electronic communications. It identifies the types of liabilities that corporations can incur from such employee communications. It discusses the objectives of corporate internet use policies and the types of provisions such policies should contain. It suggests an alternative risk-based approach to corporate acceptable use policies instead of a traditional “laundry list” of internet use prohibitions.

How Often Is Employee Anger An Insider Risk Ii? Detecting And Measuring Negative Sentiment Versus Insider Risk In Digital Communications–Comparison Between Human Raters And Psycholinguistic Software, Eric Shaw, Maria Payri, Michael Cohn, Ilene R. Shaw

Journal of Digital Forensics, Security and Law

This research uses two recently introduced observer rating scales, (Shaw et al., 2013) for the identification and measurement of negative sentiment (the Scale for Negativity in Text or SNIT) and insider risk (Scale of Indicators of Risk in Digital Communication or SIRDC) in communications to test the performance of psycholinguistic software designed to detect indicators of these risk factors. The psycholinguistic software program, WarmTouch (WT), previously used for investigations, appeared to be an effective means for locating communications scored High or Medium in negative sentiment by the SNIT or High in insider risk by the SIRDC within a randomly selected …

Trends In Android Malware Detection, Kaveh Shaerpour, Ali Dehghantanha, Ramlan Mahmod

Journal of Digital Forensics, Security and Law

This paper analyzes different Android malware detection techniques from several research papers, some of these techniques are novel while others bring a new perspective to the research work done in the past. The techniques are of various kinds ranging from detection using host based frameworks and static analysis of executable to feature extraction and behavioral patterns. Each paper is reviewed extensively and the core features of each technique are highlighted and contrasted with the others. The challenges faced during the development of such techniques are also discussed along with the future prospects for Android malware detection. The findings of the …

Science Column: Reconstruction: The Experimental Side Of Digital Forensics, Fred Cohen

Journal of Digital Forensics, Security and Law

Many in digital forensics seem to forget that the science part of digital forensics means experimentation and that implies a whole lot of things that most practitioners never learned.