Open Access. Powered by Scholars. Published by Universities.®

Computer Engineering Commons

Articles 1 - 30 of 36

Full-Text Articles in Computer Engineering

Money Laundering Detection Framework To Link The Disparate And Evolving Schemes, Murad Mehmet, Duminda Wijesekera, Miguel F. Buchholtz Sep 2013

Journal of Digital Forensics, Security and Law

Money launderers hide traces of their transactions with the involvement of entities that participate in sophisticated schemes. Money laundering detection requires unraveling concealed connections among multiple but seemingly unrelated human money laundering networks, ties among actors of those schemes, and amounts of funds transferred among those entities. The link among small networks, either financial or social, is the primary factor that facilitates money laundering. Hence, the analysis of relations among money laundering networks is required to present the full structure of complex schemes. We propose a framework that uses sequence matching, case-based analysis, social network analysis, and complex event processing …


A Forensic Study Of The Effectiveness Of Selected Anti-Virus Products Against SSDT Hooking Rootkits, Sami Al-Shaheri, Dale Lindskog, Pavol Zavarsky, Ron Ruhl Jun 2013

Annual ADFSL Conference on Digital Forensics, Security and Law

For Microsoft Windows Operating Systems, both anti-virus products and kernel rootkits often hook the System Service Dispatch Table (SSDT). This research paper investigates the interaction between these two in terms of the SSDT. To investigate these matters, we extracted digital evidence from volatile memory, and studied that evidence using the Volatility framework. Due to the diversity in detection techniques used by the anti-virus products, and the diversity of infection techniques used by rootkits, our investigation produced diverse results, results that helped us to understand several SSDT hooking strategies, and the interaction between the selected anti-virus products and the rootkit samples. …


An Ontology-Based Forensic Analysis Tool, Mohammed Alzaabi, Andy Jones, Thomas A. Martin Jun 2013

Annual ADFSL Conference on Digital Forensics, Security and Law

The analysis of forensic investigation results has generally been identified as the most complex phase of a digital forensic investigation. This phase becomes more complicated and time consuming as the storage capacity of digital devices is increasing, while at the same time the prices of those devices are decreasing. Although there are some tools and techniques that assist the investigator in the analysis of digital evidence, they do not adequately address some of the serious challenges, particularly with the time and effort required to conduct such tasks. In this paper, we consider the use of semantic web technologies and in …


First Glance: An Introductory Analysis Of Network Forensics Of Tor, Raymond Hansen Jun 2013

Annual ADFSL Conference on Digital Forensics, Security and Law

The Tor network is a low-latency overlay network for TCP flows that is designed to provide privacy and anonymity to its users. It is currently in use by many as a means to avoid censorship of both information to be shared and information to be retrieved. This paper details the architecture of the Tor network as a platform for evaluating the current state of forensic analysis of the Tor network. Specific attempts to block access to the Tor network are examined to identify (a) the processes utilized to identify Tor nodes, and (b) the resulting exposure of potentially inculpatory evidence. …


A Thematic Review Of User Compliance With Information Security Policies Literature, David Sikolia Jun 2013

Annual ADFSL Conference on Digital Forensics, Security and Law

The adoption of computer and internet technology has greatly improved the way businesses operate. However, the risk to the confidentiality, integrity and availability of organizational data and systems has greatly increased too. Information security is an ever-present concern for all organizations. Financial estimates of the impact of security breaches to information and technology resources range from hundreds of billions to over one trillion dollars each year worldwide (D'Arcy et al., 2011b). Organizations have therefore developed a combination of technical, administrative, and physical controls to reduce this risk (D'Arcy et al., 2011a). Administrative measures include the development of information security …


Journey Into Windows 8 Recovery Artifacts, W. K. Johnson Jun 2013

Annual ADFSL Conference on Digital Forensics, Security and Law

One of the most difficult processes of digital forensics is to understand how new technology interacts with current technology and how digital forensic analysts can utilize current digital forensics technologies and processes to recover and find hidden information. Microsoft has released its new operating system, Windows 8; with this new release, Microsoft has added some features to the operating system that will present some interesting complications to digital forensics. Since the initial release of the Windows 8 Release Candidates, there has been some research released that focuses primarily on the new user created artifacts and a few artifacts that have …


An Image Forensic Scheme With Robust And Fragile Watermarking For Business Documents, Sai Ho Kwok Jun 2013

Annual ADFSL Conference on Digital Forensics, Security and Law

This paper proposes an image forensic scheme with both robust and fragile watermarking techniques for business documents. Through a dual watermarking approach, the proposed scheme can achieve image forensics objectives of (a) identification of source; (b) authentication of documents; and (c) locating the tampered areas of documents due to attacks. An example is presented to prove the concepts of the proposed scheme.

Keywords: Image Forensics, Fragile and Robust Watermarking, Business Document.


Significance Of Semantic Reconciliation In Digital Forensics, Nickson M. Karie, H. S. Venter Jun 2013

Annual ADFSL Conference on Digital Forensics, Security and Law

Digital forensics (DF) is a growing field that is gaining popularity among many computer professionals, law enforcement agencies and other stakeholders who must always cooperate in this profession. Unfortunately, this has created an environment replete with semantic disparities within the domain that needs to be resolved and/or eliminated. For the purpose of this study, semantic disparity refers to disagreements about the meaning, interpretation, descriptions and the intended use of the same or related data and terminologies. If semantic disparity is not detected and resolved, it may lead to misunderstandings. Even worse, since the people involved may not be from the …


System-Generated Digital Forensic Evidence In Graphic Design Applications, Enos Mabuto, Hein Venter Jun 2013

Annual ADFSL Conference on Digital Forensics, Security and Law

Graphic design applications are often used for the editing and design of digital art. The same applications can be used for creating counterfeit documents such as identity documents (IDs), driver’s licences, passports, etc. However, the use of any graphic design application leaves behind traces of digital information that can be used during a digital forensic investigation. Current digital forensic tools examine a system to find digital evidence, but they do not examine a system specifically for the creation of counterfeit documents through the use of graphic design applications. The paper in hand reviews the system-generated digital forensic evidence gathered …


Money Laundering Detection Framework To Link The Disparate And Evolving Schemes, Murad Mehmet, Duminda Wijesekera, Miguel F. Buchholtz Jun 2013

Annual ADFSL Conference on Digital Forensics, Security and Law

Money launderers hide traces of their transactions with the involvement of entities that participate in sophisticated schemes. Money laundering detection requires unraveling concealed connections among multiple but seemingly unrelated human money laundering networks, ties among actors of those schemes, and amounts of funds transferred among those entities. The link among small networks, either financial or social, is the primary factor that facilitates money laundering. Hence, the analysis of relations among money laundering networks is required to present the full structure of complex schemes. We propose a framework that uses sequence matching, case-based analysis, social network analysis, and complex event processing …


Identifying Peer-To-Peer Traffic On Shared Wireless Networks, Simon Piel, Ej Jung Jun 2013

Annual ADFSL Conference on Digital Forensics, Security and Law

Tracing contraband downloads leads investigators to an IP address, and in turn Internet Service Providers (ISP) can provide a physical location using this IP address. However, most homes and offices share this IP address among many computers using wireless networks. In other words, there needs to be another investigation to find out which computer was responsible for contraband downloads. To make matters worse, these shared wireless networks often have vulnerabilities in access control such as using WEP or using weak passwords. In such cases, any computer in range, not necessarily at the given physical address, could be responsible. We use …


On Resolving The Cloud Forensics Conundrum, John Bagby Jun 2013

Annual ADFSL Conference on Digital Forensics, Security and Law

The “cloud” is an idiom for an ill-defined set of online services. The cloud simultaneously offers IT savings and promises advances in functionality (e.g., ubiquity). However, the cloud also imposes poorly understood burdens on security and it may provoke injustice. Thus, the cloud presents a durable and seemingly irreconcilable conundrum for the digital forensics communit(ies). First, cloud proponents make efficiency promises for cloud services (SaaS, IaaS, PaaS). These translate well into the digital forensics domain. Indeed, the cloud may enable crowd sourcing of investigatory data, vastly lowering costs of dispute resolution. For example, cloud-based litigation war rooms may reduce electronic discovery …


Cybercrime And Punishment: An Analysis Of The Deontological And Utilitarian Functions Of Punishment In The Information Age, Karim Jetha Jun 2013

Annual ADFSL Conference on Digital Forensics, Security and Law

This conceptual piece analyzes the role of criminal punishment and the nature of cyber crime to investigate whether the current punishment schemes are appropriate given the deontological and utilitarian goals of punishment: retribution, deterrence, incapacitation, and rehabilitation. The research has implications for policymaking in cybercriminal law.

Keywords: cybercrime, criminal law, punishment, retribution, deterrence, information economics


The Development Of Computer Forensic Legal System In China, Yonghao Mai, K. P. Chow, Rongsheng Xu, Gang Zhou, Fei Xu, Jun Zhang Jun 2013

Annual ADFSL Conference on Digital Forensics, Security and Law

The computer forensic discipline was established around 2000 in China and was further developed along with the Chinese judicial appraisal system in 2005. The new criminal and civil procedure laws of the People’s Republic of China were enacted on 1 Jan 2013. The new laws specify that electronic data is legal evidence, which has a great impact on the current practice of handling electronic evidence. This paper introduces the electronic data and electronic evidence examination procedure in mainland China, the general concept of the computer forensic legal system, the management of computer judicial experts, and the management of computer judicial expertise institutions.

Keywords: China legal …


Automating Vendor Fraud Detection In Enterprise Systems, Kishore Singh, Peter Best, Joseph Mula Jan 2013

Journal of Digital Forensics, Security and Law

Fraud is a multi-billion dollar industry that continues to grow annually. Many organizations are poorly prepared to prevent and detect fraud. Fraud detection strategies are intended to quickly and efficiently identify fraudulent activities that circumvent preventative measures. In this paper, we adopt a Design Science methodological framework to develop a model for detection of vendor fraud based on analysis of patterns or signatures identified in enterprise system audit trails. The concept is demonstrated by developing prototype software. Verification of the prototype is achieved by performing a series of experiments. Validation is achieved by independent reviews from auditing practitioners. Key findings of …


Technology Corner Visualising Forensic Data: Evidence (Part 1), Damian Schofield, Ken Fowle Jan 2013

Journal of Digital Forensics, Security and Law

Visualisation is becoming increasingly important for understanding information, such as investigative data (for example: computing, medical and crime scene evidence) and analysis (for example: network capability assessment, data file reconstruction and planning scenarios). Investigative data visualisation is used to reconstruct a scene or item and is used to assist the viewer (who may well be a member of the general public with little or no understanding of the subject matter) to understand what is being presented. Analysis visualisations, on the other hand, are usually developed to review data, information and assess competing scenario hypotheses for those who usually have an …


A Simple Experiment With Microsoft Office 2010 And Windows 7 Utilizing Digital Forensic Methodology, Gregory H. Carlton Jan 2013

Journal of Digital Forensics, Security and Law

Digital forensic examiners are tasked with retrieving data from digital storage devices, and frequently these examiners are expected to explain the circumstances that led to the data being in its current state. Through written reports or verbal, expert testimony delivered in court, digital forensic examiners are expected to describe whether data have been altered, and if so, then to what extent have data been altered. Addressing these expectations results from opinions digital forensic examiners reach concerning their understanding of electronic storage and retrieval methods. The credibility of these opinions evolves from the scientific basis from which they are drawn using …


Information Security Challenge Of QR Codes, Nik Thompson, Kevin Lee Jan 2013

Journal of Digital Forensics, Security and Law

The discipline of information security must adapt to new technologies and methods of interaction with those technologies. New technologies present both challenges and opportunities for the security professional, especially for areas such as digital forensics. Challenges can be in the form of new devices such as smartphones or new methods of sharing information, such as social networks. One such rapidly emerging interaction technology is the use of Quick Response (QR) codes. These offer a physical mechanism for quick access to Web sites for advertising and social interaction. This paper argues that the common implementation of QR codes potentially presents security …


Book Review: Placing The Suspect Behind The Keyboard: Using Digital Forensics And Investigative Techniques To Identify Cybercrime Suspects, Thomas Nash Jan 2013

Journal of Digital Forensics, Security and Law

In this must-read for any aspiring novice cybercrime investigator as well as the seasoned professional computer guru alike, Brett Shaver takes the reader into the ever-changing and dynamic world of cybercrime investigation. Shaver, an experienced criminal investigator, lays out the details and intricacies of a computer-related crime investigation in a clear and concise manner in his new easy-to-read publication, Placing the Suspect Behind the Keyboard: Using Digital Forensics and Investigative Techniques to Identify Cybercrime Suspects. Shaver takes the reader from start to finish through each step of the investigative process in well organized …


Technology Corner: Visualising Forensic Data: Evidence Guidelines (Part 2), Damian Schofield, Ken Fowle Jan 2013

Journal of Digital Forensics, Security and Law

Visualisation is becoming increasingly important for understanding information, such as investigative data (for example: computing, medical and crime scene evidence) and analysis (for example, network capability assessment, data file reconstruction and planning scenarios). Investigative data visualisation is used to reconstruct a scene or item and is used to assist the viewer (who may well be a member of the general public with little or no understanding of the subject matter) to understand what is being presented. Analysis visualisations, on the other hand, are usually developed to review data, information and assess competing scenario hypotheses for those who usually have an …


Risk Management Of Email And Internet Use In The Workplace, John Ruhnka, Windham E. Loopesko Jan 2013

Journal of Digital Forensics, Security and Law

The article surveys the changing risk environment for corporations from their employees’ electronic communications. It identifies the types of liabilities that corporations can incur from such employee communications. It discusses the objectives of corporate internet use policies and the types of provisions such policies should contain. It suggests an alternative risk-based approach to corporate acceptable use policies instead of a traditional “laundry list” of internet use prohibitions.


How Often Is Employee Anger An Insider Risk II? Detecting And Measuring Negative Sentiment Versus Insider Risk In Digital Communications–Comparison Between Human Raters And Psycholinguistic Software, Eric Shaw, Maria Payri, Michael Cohn, Ilene R. Shaw Jan 2013

Journal of Digital Forensics, Security and Law

This research uses two recently introduced observer rating scales (Shaw et al., 2013) for the identification and measurement of negative sentiment (the Scale for Negativity in Text or SNIT) and insider risk (Scale of Indicators of Risk in Digital Communication or SIRDC) in communications to test the performance of psycholinguistic software designed to detect indicators of these risk factors. The psycholinguistic software program, WarmTouch (WT), previously used for investigations, appeared to be an effective means for locating communications scored High or Medium in negative sentiment by the SNIT or High in insider risk by the SIRDC within a randomly selected …


Trends In Android Malware Detection, Kaveh Shaerpour, Ali Dehghantanha, Ramlan Mahmod Jan 2013

Journal of Digital Forensics, Security and Law

This paper analyzes different Android malware detection techniques from several research papers; some of these techniques are novel while others bring a new perspective to the research work done in the past. The techniques are of various kinds, ranging from detection using host-based frameworks and static analysis of executables to feature extraction and behavioral patterns. Each paper is reviewed extensively and the core features of each technique are highlighted and contrasted with the others. The challenges faced during the development of such techniques are also discussed along with the future prospects for Android malware detection. The findings of the …


Science Column: Reconstruction: The Experimental Side Of Digital Forensics, Fred Cohen Jan 2013

Journal of Digital Forensics, Security and Law

Many in digital forensics seem to forget that the science part of digital forensics means experimentation and that implies a whole lot of things that most practitioners never learned.


The Advanced Data Acquisition Model (ADAM): A Process Model For Digital Forensic Practice, Richard Adams, Val Hobbs, Graham Mann Jan 2013

Journal of Digital Forensics, Security and Law

As with other types of evidence, the courts make no presumption that digital evidence is reliable without some evidence of empirical testing in relation to the theories and techniques associated with its production. The issue of reliability means that courts pay close attention to the manner in which electronic evidence has been obtained and in particular the process in which the data is captured and stored. Previous process models have tended to focus on one particular area of digital forensic practice, such as law enforcement, and have not incorporated a formal description. We contend that this approach has prevented the …


System-Generated Digital Forensic Evidence In Graphic Design Applications, Enos Mabuto, Hein Venter Jan 2013

Journal of Digital Forensics, Security and Law

Graphic design applications are often used for the editing and design of digital art. The same applications can be used for creating counterfeit documents such as identity documents (IDs), driver’s licences, passports, etc. However, the use of any graphic design application leaves behind traces of digital information that can be used during a digital forensic investigation. Current digital forensic tools examine a system to find digital evidence, but they do not examine a system specifically for the creation of counterfeit documents through the use of graphic design applications. The paper in hand reviews the system-generated digital forensic evidence gathered …


Book Review: iPhone And iOS Forensic: Investigation, Analysis And Mobile Security For Apple iPhone, iPad And iOS Devices, Simson Garfinkel Jan 2013

Journal of Digital Forensics, Security and Law

In April 2011 news outlets around the world revealed shocking news about Apple’s iPhone: for reasons that were not apparently clear, every iPhone contained a small SQLite database that logged where and when the user had been whenever the phone was turned on, and those records went back for pretty much as long as the user had owned their phone. Apple eventually declared that the data cache was the result of a bug and issued a software update to prune the database (it had previously grown without limit). Privacy activists rejoiced that their beloved iPhones were once again trustworthy. But …


Analysis Of A Second Hand Google Mini Search Appliance, Stephen Larson Jan 2013

Journal of Digital Forensics, Security and Law

Information, and the technological advancements that mankind develops for its storage, have increased tremendously over the past few decades. As the total amount of data stored rapidly increases in conjunction with the number of widely available computer-driven devices being used, solutions are being developed to better harness this data (LaTulippe, 2011). One of these solutions is commonly known as a search appliance. Search appliances have been used in e-discovery for several years. The Google Mini Search Appliance (Mini) has not only been used for e-discovery, but for indexing and searching internal documents. To accomplish these tasks, search …


Table Of Contents Jan 2013

Journal of Digital Forensics, Security and Law

No abstract provided.


Table Of Contents Jan 2013

Journal of Digital Forensics, Security and Law

No abstract provided.