Computer Engineering Commons^™

Exploring Forensic Implications Of The Fusion Drive, Shruti Gupta, Marcus Rogers

Journal of Digital Forensics, Security and Law

This paper explores the forensic implications of Apple’s Fusion Drive. The Fusion Drive is an example of auto-tiered storage. It uses a combination of a flash drive and a magnetic drive. Data is moved between the drives automatically to maximize system performance. This is different from traditional caches because data is moved and not simply copied. The research included understanding the drive structure, populating the drive, and then accessing data in a controlled setting to observe data migration strategies. It was observed that all the data is first written to the flash drive with 4 GB of free space always …

Evidentiary Power And Propriety Of Digital Identifiers And The Impact On Privacy Rights In The United States, Michael Losavio, Deborah Keeling

Journal of Digital Forensics, Security and Law

Media and network systems capture and store data about electronic activity in new, sometimes unprecedented ways; computational systems make for new means of analysis and knowledge development. These new forms offer new, powerful tactical tools for investigations of electronic malfeasance under traditional legal regulation of state power, particular that of Fourth Amendment limitations on police searches and seizures under the U.S. Constitution. But autonomy, identity and authenticity concerns with electronic data raise issues of public policy, privacy and proper police oversight of civil society. We examine those issues and their implications for digital and computational forensics

Relating Admissibility Standards For Digital Evidence To Attack Scenario Reconstruction, Changwei Liu, Anoop Singhal, Duminda Wijesekera

Journal of Digital Forensics, Security and Law

Attackers tend to use complex techniques such as combining multi-step, multi-stage attack with anti-forensic tools to make it difficult to find incriminating evidence and reconstruct attack scenarios that can stand up to the expected level of evidence admissibility in a court of law. As a solution, we propose to integrate the legal aspects of evidence correlation into a Prolog based reasoner to address the admissibility requirements by creating most probable attack scenarios that satisfy admissibility standards for substantiating evidence. Using a prototype implementation, we show how evidence extracted by using forensic tools can be integrated with legal reasoning to reconstruct …

Effects Of The Factory Reset On Mobile Devices, Riqui Schwamm, Neil C. Rowe

Journal of Digital Forensics, Security and Law

Mobile devices usually provide a “factory-reset” tool to erase user-specific data from the main secondary storage. 9 Apple iPhones, 10 Android devices, and 2 BlackBerry devices were tested in the first systematic evaluation of the effectiveness of factory resets. Tests used the Cellebrite UME-36 Pro with the UFED Physical Analyzer, the Bulk Extractor open-source tool, and our own programs for extracting metadata, classifying file paths, and comparing them between images. Two phones were subjected to more detailed analysis. Results showed that many kinds of data were removed by the resets, but much user-specific configuration data was left. Android devices did …

Analysis Of A Second Hand Google Mini Search Appliance, Stephen Larson

Journal of Digital Forensics, Security and Law

Information and the technological advancements for which mankind develops with regards to its storage has increased tremendously over the past few decades. As the total amount of data stored rapidly increases in conjunction with the amount of widely available computer-driven devices being used, solutions are being developed to better harness this data (LaTulippe, 2011). One of these solutions is commonly known as a search appliance. Search appliances have been used in e-discovery for several years. The Google Mini Search Appliance (Mini) has not only been used for e-discovery, but for indexing and searching internal documents. To accomplish these tasks, search …

Real World Computer Forensics, Jessica Riccio

Liberal Arts and Engineering Studies

No abstract provided.

Comparing Android Applications To Find Copying, Larry Melling, Bob Zeidman

Journal of Digital Forensics, Security and Law

The Android smartphone operating system includes a Java virtual machine that enables rapid development and deployment of a wide variety of applications. The open nature of the platform means that reverse engineering of applications is relatively easy, and many developers are concerned as applications similar to their own show up in the Android marketplace and want to know if these applications are pirated. Fortunately, the same characteristics that make an Android application easy to reverse engineer and copy also provide opportunities for Android developers to compare downloaded applications to their own. This paper describes the process for comparing a developer’s …

Kindle Forensics: Acquisition & Analysis, Peter Hannay

Journal of Digital Forensics, Security and Law

The Amazon Kindle eBook reader supports a wide range of capabilities beyond reading books. This functionality includes an inbuilt cellular data connection known as Whispernet. The Kindle provides web browsing, an application framework, eBook delivery and other services over this connection. The historic data left by user interaction with this device may be of forensic interest. Analysis of the Amazon Kindle device has resulted in a method to reliably extract and interpret data from these devices in a forensically complete manner.

Working Inside The Box: An Example Of Google Desktop Search In A Forensic Examination, Timothy J. Latulippe

Journal of Digital Forensics, Security and Law

Information and the technological advancements for which mankind develops with regards to its storage has increased tremendously over the past few decades. As the total amount of data stored rapidly increases in conjunction with the amount of widely available computer-driven devices being used, solutions are being developed to better harness this data. These types of advancements are continually assisting investigators and computer forensic examiners. One such application which houses copious amounts of fruitful data is the Google Desktop Search program. Coupled with tested and verified techniques, examiners can exploit the power of this application to cater to their investigative needs. …

Computer Forensics For Graduate Accountants: A Motivational Curriculum Design Approach, Grover S. Kearns

Journal of Digital Forensics, Security and Law

Computer forensics involves the investigation of digital sources to acquire evidence that can be used in a court of law. It can also be used to identify and respond to threats to hosts and systems. Accountants use computer forensics to investigate computer crime or misuse, theft of trade secrets, theft of or destruction of intellectual property, and fraud. Education of accountants to use forensic tools is a goal of the AICPA (American Institute of Certified Public Accountants). Accounting students, however, may not view information technology as vital to their career paths and need motivation to acquire forensic knowledge and skills. …

Graduate Accounting Students' Perception Of It Forensics: A Multi-Dimensional Analysis, Grover S. Kearns

Journal of Digital Forensics, Security and Law

Forensics and information technology (IT) have become increasingly important to accountants and auditors. Undergraduate accounting students are introduced to general IT topics but discussion of forensic knowledge is limited. A few schools have introduced an undergraduate major in forensic accounting. Some graduate schools offer accounting students an emphasis in forensic or fraud accounting that includes instruction in forensics and information technology. When students do not view the IT topics as being equally important to their careers as traditional accounting topics, these attitudes may reduce the quality of the course. In an effort to assess student attitudes, a survey of 46 …

Who Is Reading The Data On Your Old Computer?, Vivienne Mee

Journal of Digital Forensics, Security and Law

Researchers at Rits Information Security performed a study in how the Irish population disposes of their old computers. How would you dispose of your old computer, or how would the company you work for dispose of their old computers?

The majority of Irish homeowners, would bring their old computers to local civic amenity centres, give it away to a relative or sell it on to another party.

Some organisations would give their old equipment to a staff member, as a gift gesture, others may simply discard in the local civic amenity site.

What is wrong with the methods currently being …

The Design And Implementation Of An Automated Security Compliance Toolkit: A Pedagogical Exercise, Guillermo Francia, Brian Estes, Rahjima Francia, Vu Nguyen, Alex Scroggins

Journal of Digital Forensics, Security and Law

The demand, through government regulations, for the preservation of the security, integrity, and privacy of corporate and customer information is increasing at an unprecedented pace. Government and private entities struggle to comply with these regulations through various means—both automated and manual controls. This paper presents an automated security compliance toolkit that is designed and developed using mostly open source tools to demonstrate that 1) meeting regulatory compliance does not need to be a very expensive proposition and 2) an undertaking of this magnitude could be served as a pedagogical exercise for students in the areas of collaboration, project management, software …