Open Access. Powered by Scholars. Published by Universities.®
- Publication
- Publication Type
Articles 1 - 15 of 15
Full-Text Articles in Computer Engineering
A Method And A Case Study For The Selection Of The Best Available Tool For Mobile Device Forensics Using Decision Analysis, Shahzad Saleem, Oliver Popov, Ibrahim Baggili
A Method And A Case Study For The Selection Of The Best Available Tool For Mobile Device Forensics Using Decision Analysis, Shahzad Saleem, Oliver Popov, Ibrahim Baggili
Electrical & Computer Engineering and Computer Science Faculty Publications
The omnipresence of mobile devices (or small scale digital devices - SSDD) and more importantly the utility of their associated applications for our daily activities, which range from financial transactions to learning, and from entertainment to distributed social presence, create an abundance of digital evidence for each individual. Some of the evidence may be a result of illegal activities that need to be identified, understood and eventually prevented in the future. There are numerous tools for acquiring and analyzing digital evidence extracted from mobile devices. The diversity of SSDDs, types of evidence generated and the number of tools used to …
Digital Forensics In Law Enforcement: A Needs Based Analysis Of Indiana Agencies, Teri A. Cummins Flory
Digital Forensics In Law Enforcement: A Needs Based Analysis Of Indiana Agencies, Teri A. Cummins Flory
Journal of Digital Forensics, Security and Law
Cyber crime is a growing problem, with the impact to society increasing exponentially, but the ability of local law enforcement agencies to investigate and successfully prosecute criminals for these crimes is unclear. Many national needs assessments have previously been conducted, and all indicated that state and local law enforcement did not have the training, tools, or staff to effectively conduct digital investigations, but very few have been completed recently. This study provided a current and localized assessment of the ability of Indiana law enforcement agencies to effectively investigate crimes involving digital evidence, the availability of training for both law enforcement …
Understanding Computer Forensics Requirements In China Via The “Panda Burning Incense” Virus Case, Frank Law, K. P. Chow, Y. H. Mai
Understanding Computer Forensics Requirements In China Via The “Panda Burning Incense” Virus Case, Frank Law, K. P. Chow, Y. H. Mai
Journal of Digital Forensics, Security and Law
In March 2012, Mainland China has amended its Criminal Procedure Law, which includes the introduction of a new type of evidence, i.e., digital evidence, to the court of law. To better understand the development of computer forensics and digital evidence in Mainland China, this paper discusses the Chinese legal system in relation to digital investigation and how the current legal requirements affect the existing legal and technical usage of digital evidence at legal proceedings. Through studying the famous “Panda Burning Incense (Worm.WhBoy.cw)” virus case that happened in 2007, this paper aims to provide a better understanding of how to properly …
Leveraging Decentralization To Extend The Digital Evidence Acquisition Window: Case Study On Bittorrent Sync, Mark Scanlon, Jason Farina, Nhien A. Khac, Tahar Kechadi
Leveraging Decentralization To Extend The Digital Evidence Acquisition Window: Case Study On Bittorrent Sync, Mark Scanlon, Jason Farina, Nhien A. Khac, Tahar Kechadi
Journal of Digital Forensics, Security and Law
File synchronization services such as Dropbox, Google Drive, Microsoft OneDrive, Apple iCloud, etc., are becoming increasingly popular in today’s always-connected world. A popular alternative to the aforementioned services is BitTorrent Sync. This is a decentralized/cloudless file synchronization service and is gaining significant popularity among Internet users with privacy concerns over where their data is stored and who has the ability to access it. The focus of this paper is the remote recovery of digital evidence pertaining to files identified as being accessed or stored on a suspect’s computer or mobile device. A methodology for the identification, investigation, recovery and verification …
Relating Admissibility Standards For Digital Evidence To Attack Scenario Reconstruction, Changwei Liu, Anoop Singhal, Duminda Wijesekera
Relating Admissibility Standards For Digital Evidence To Attack Scenario Reconstruction, Changwei Liu, Anoop Singhal, Duminda Wijesekera
Journal of Digital Forensics, Security and Law
Attackers tend to use complex techniques such as combining multi-step, multi-stage attack with anti-forensic tools to make it difficult to find incriminating evidence and reconstruct attack scenarios that can stand up to the expected level of evidence admissibility in a court of law. As a solution, we propose to integrate the legal aspects of evidence correlation into a Prolog based reasoner to address the admissibility requirements by creating most probable attack scenarios that satisfy admissibility standards for substantiating evidence. Using a prototype implementation, we show how evidence extracted by using forensic tools can be integrated with legal reasoning to reconstruct …
Quantifying Relevance Of Mobile Digital Evidence As They Relate To Case Types: A Survey And A Guide For Best Practice, Shahzad Saleem, Ibrahim Baggili, Oliver Popov
Quantifying Relevance Of Mobile Digital Evidence As They Relate To Case Types: A Survey And A Guide For Best Practice, Shahzad Saleem, Ibrahim Baggili, Oliver Popov
Journal of Digital Forensics, Security and Law
In this work, a survey was conducted to help quantify the relevance of nineteen types of evidence (such as SMS) to seven types of digital investigations associated with mobile devices (MD) (such as child pornography). 97 % of the respondents agreed that every type of digital evidence has a different level of relevance to further or solve a particular investigation. From 55 serious participants, a dataset of 5,772 responses regarding the relevance of nineteen types of digital evidence for all the seven types of digital investigations was obtained. The results showed that (i) SMS belongs to the most relevant type …
Quantifying Relevance Of Mobile Digital Evidence As They Relate To Case Types: A Survey And A Guide For Best Practices, Shahzad Saleem, Ibrahim Baggili, Oliver Popov
Quantifying Relevance Of Mobile Digital Evidence As They Relate To Case Types: A Survey And A Guide For Best Practices, Shahzad Saleem, Ibrahim Baggili, Oliver Popov
Electrical & Computer Engineering and Computer Science Faculty Publications
In this work, a survey was conducted to help quantify the relevance of nineteen types of evidence (such as SMS) to seven types of digital investigations associated with mobile devices (MD) (such as child pornography). 97 % of the respondents agreed that every type of digital evidence has a different level of relevance to further or solve a particular investigation. From 55 serious participants, a data set of 5,772 responses regarding the relevance of nineteen types of digital evidence for all the seven types of digital investigations was obtained. The results showed that (i) SMS belongs to the most relevant …
System-Generated Digital Forensic Evidence In Graphic Design Applications, Enos Mabuto, Hein Venter
System-Generated Digital Forensic Evidence In Graphic Design Applications, Enos Mabuto, Hein Venter
Journal of Digital Forensics, Security and Law
Graphic design applications are often used for the editing and design of digital art. The same applications can be used for creating counterfeit documents such as identity documents (IDs), driver’s licences, passports, etc. However, the use of any graphic design application leaves behind traces of digital information that can be used during a digital forensic investigation. Current digital forensic tools examine a system to find digital evidence, but they do not examine a system specifically for the creating of counterfeit documents created through the use of graphic design applications. The paper in hand reviews the system-generated digital forensic evidence gathered …
Pandora’S Email Box? An Exploratory Study Of Web-Based Email Forgery Detection And Validation., Richard Boddington, Grant Boxall, Jeremy Ardley
Pandora’S Email Box? An Exploratory Study Of Web-Based Email Forgery Detection And Validation., Richard Boddington, Grant Boxall, Jeremy Ardley
Journal of Digital Forensics, Security and Law
Web based email systems may be a source of pristine digital evidence because of the perceived difficulty of client tampering with messages stored inside the email account. We demonstrate that such assumption is wrong in the case of Windows Live Hotmail®1 . Windows Live Mail®1 synchronises message on client-side computers with the Hotmail® server, benefiting users wishing to synchronise their email accounts and personal devices. However, this synchronisation opens an exploit for wrongdoers to tamper with existing email messages and attachments as well as facilitating the insertion of fabricated messages. The exploit process enables persistent storage of tampered and fabricated …
Extraction Of Electronic Evidence From Voip: Identification & Analysis Of Digital Speech, David Irwin, Arek Dadej, Jill Slay
Extraction Of Electronic Evidence From Voip: Identification & Analysis Of Digital Speech, David Irwin, Arek Dadej, Jill Slay
Journal of Digital Forensics, Security and Law
The Voice over Internet Protocol (VoIP) is increasing in popularity as a cost effective and efficient means of making telephone calls via the Internet. However, VoIP may also be an attractive method of communication to criminals as their true identity may be hidden and voice and video communications are encrypted as they are deployed across the Internet. This produces a new set of challenges for forensic analysts compared with traditional wire-tapping of the Public Switched Telephone Network (PSTN) infrastructure, which is not applicable to VoIP. Therefore, other methods of recovering electronic evidence from VoIP are required. This research investigates the …
Extraction Of Electronic Evidence From Voip: Forensic Analysis Of A Virtual Hard Disk Vs Ram, David Irwin, Jill Slay, Arek Dadej, Malcolm Shore
Extraction Of Electronic Evidence From Voip: Forensic Analysis Of A Virtual Hard Disk Vs Ram, David Irwin, Jill Slay, Arek Dadej, Malcolm Shore
Journal of Digital Forensics, Security and Law
The popularity of Voice over the Internet Protocol (VoIP) is increasing as the cost savings and ease of use is realised by a wide range of home and corporate users. However, the technology is also attractive to criminals. This is because VoIP is a global telephony service, in which it is difficult to verify the user’s identification. The security of placing such calls may also be appealing to criminals, as many implementations use strong encryption to secure both the voice payload as well as to control messages making monitoring such VoIP calls difficult since conventional methods such as wire-tapping is …
Judges’ Awareness, Understanding, And Application Of Digital Evidence, Gary C. Kessler
Judges’ Awareness, Understanding, And Application Of Digital Evidence, Gary C. Kessler
Journal of Digital Forensics, Security and Law
As digital evidence grows in both volume and importance in criminal and civil courts, judges need to fairly and justly evaluate the merits of the offered evidence. To do so, judges need a general understanding of the underlying technologies and applications from which digital evidence is derived. Due to the relative newness of the computer forensics field, there have been few studies on the use of digital forensic evidence and none about judges’ relationship with digital evidence. This paper describes a recent study, using grounded theory methods, into judges’ awareness, knowledge, and perceptions of digital evidence. This study is the …
Solid State Drives: The Beginning Of The End For Current Practice In Digital Forensic Recovery?, Graeme B. Bell, Richard Boddington
Solid State Drives: The Beginning Of The End For Current Practice In Digital Forensic Recovery?, Graeme B. Bell, Richard Boddington
Journal of Digital Forensics, Security and Law
Digital evidence is increasingly relied upon in computer forensic examinations and legal proceedings in the modern courtroom. The primary storage technology used for digital information has remained constant over the last two decades, in the form of the magnetic disc. Consequently, investigative, forensic, and judicial procedures are well-established for magnetic disc storage devices (Carrier, 2005). However, a paradigm shift has taken place in technology storage and complex, transistor-based devices for primary storage are now increasingly common. Most people are aware of the transition from portable magnetic floppy discs to portable USB transistor flash devices, yet the transition from magnetic hard …
Developing A Process Model For The Forensic Extraction Of Information From Desktop Search, Timothy Pavlic, Jill Slay, Benjamin Turnbull
Developing A Process Model For The Forensic Extraction Of Information From Desktop Search, Timothy Pavlic, Jill Slay, Benjamin Turnbull
Journal of Digital Forensics, Security and Law
Desktop search applications can contain cached copies of files that were deleted from the file system. Forensic investigators see this as a potential source of evidence, as documents deleted by suspects may still exist in the cache. Whilst there have been attempts at recovering data collected by desktop search applications, there is no methodology governing the process, nor discussion on the most appropriate means to do so. This article seeks to address this issue by developing a process model that can be applied when developing an information extraction application for desktop search applications, discussing preferred methods and the limitations of …
Computer Forensics Field Triage Process Model, Marcus K. Rogers, James Goldman, Rick Mislan, Timothy Wedge, Steve Debrota
Computer Forensics Field Triage Process Model, Marcus K. Rogers, James Goldman, Rick Mislan, Timothy Wedge, Steve Debrota
Journal of Digital Forensics, Security and Law
With the proliferation of digital based evidence, the need for the timely identification, analysis and interpretation of digital evidence is becoming more crucial. In many investigations critical information is required while at the scene or within a short period of time - measured in hours as opposed to days. The traditional cyber forensics approach of seizing a system(s)/media, transporting it to the lab, making a forensic image(s), and then searching the entire system for potential evidence, is no longer appropriate in some circumstances. In cases such as child abductions, pedophiles, missing or exploited persons, time is of the essence. In …