Computer Engineering Commons^™

The Legal Challenges Of Networked Robotics: From The Safety Intelligence Perspective, Yueh-Hsuan Weng, Sophie T.H. Zhao

Yueh-Hsuan Weng

When Antitrust Met Facebook, Christopher S. Yoo

All Faculty Scholarship

Social networks are among the hottest phenomena on the Internet. Facebook eclipsed Google as the most visited website in both 2010 and 2011. Moreover, according to Nielsen estimates, as of the end of 2011 the average American spent nearly seven hours per month on Facebook, which is more time than they spent on Google, Yahoo!, YouTube, Microsoft, and Wikipedia combined. LinkedIn’s May 19, 2011 initial public offering (“IPO”) surpassed expectations, placing the value of the company at nearly $9 billion, and approximately a year later, its stock price had risen another 20 percent. Facebook followed suit a year later with …

Identifying And Attributing Similar Traces With Greatest Common Factor Analysis, Fred Cohen

Journal of Digital Forensics, Security and Law

This paper presents an algorithm for comparing large numbers of traces to each other and identifying and presenting groups of traces with similar features. It is applied to forensic analysis in which groups of similar traces are automatically identified and presented so that attribution and other related claims may be asserted, and independently confirmed or refuted. The approach of this paper is to identify an approximate algorithm that will find a large subset of greatest common factor similar groups of arbitrary factors in far less time and space than an exact algorithm using examiner-provided selection criteria for factor definition.

New Technologies And Constitutional Law, Thomas Fetzer, Christopher S. Yoo

All Faculty Scholarship

No abstract provided.

Real World Computer Forensics, Jessica Riccio

Liberal Arts and Engineering Studies

No abstract provided.

Beyond Coase: Emerging Technologies And Property Theory, Christopher S. Yoo

All Faculty Scholarship

In addition to prompting the development of the Coase Theorem, Ronald Coase’s landmark 1959 article on the Federal Communications Commission touched off a revolution in spectrum policy. Although one of Coase’s proposed reforms (that spectrum should be allocated through markets) has now become the conventional wisdom, his other principal recommendation (that governments stop dedicating portions of the spectrum to particular uses) has yet to be fully embraced. Drawing on spectrum as well as Internet traffic and electric power as examples, this Article argues that emerging technologies often reflect qualities that make defining property rights particularly difficult. These include the cumulative …

Digital Evidence Education In Schools Of Law, Aaron Alva, Barbara Endicott-Popovsky

Annual ADFSL Conference on Digital Forensics, Security and Law

An examination of State of Connecticut v. Julie Amero provides insight into how a general lack of understanding of digital evidence can cause an innocent defendant to be wrongfully convicted. By contrast, the 101-page opinion in Lorraine v. Markel American Insurance Co. provides legal precedence and a detailed consideration for the admission of digital evidence. An analysis of both cases leads the authors to recommend additions to Law School curricula designed to raise the awareness of the legal community to ensure such travesties of justice, as in the Amero case, don’t occur in the future. Work underway at the University …

After Five Years Of E-Discovery Missteps: Sanctions Or Safe Harbor?, Milton Luoma, Vicki Luoma

Annual ADFSL Conference on Digital Forensics, Security and Law

In 2003 the Zubulake case became the catalyst of change in the world of e-discovery. In that case Judge Shira Scheindlin of the United States District Court for the Southern District of New York set guidelines for e-discovery that served as the basis for amending the Federal Rules of Civil Procedure (FRCP) in December 2006. The amendments incorporated a number of concepts that were described by Judge Scheindlin in the Zubulake case. ( Zubulake v. UBS Warburg LLC, 2003) Since the Zubulake case and the FRCP amendments, numerous cases have interpreted these rules changes, but one of the main points …

A Case Study Of The Challenges Of Cyber Forensics Analysis Of Digital Evidence In A Child Pornography Trial, Richard Boddington

Annual ADFSL Conference on Digital Forensics, Security and Law

Perfunctory case analysis, lack of evidence validation, and an inability or unwillingness to present understandable analysis reports adversely affect the outcome course of legal trials reliant on digital evidence. These issues have serious consequences for defendants facing heavy penalties or imprisonment yet expect their defence counsel to have clear understanding of the evidence. Poorly reasoned, validated and presented digital evidence can result in conviction of the innocent as well as acquittal of the guilty. A possession of child pornography Case Study highlights the issues that appear to plague case analysis and presentation of digital evidence relied on in these odious …

Facilitating Forensics In The Mobile Millennium Through Proactive Enterprise Security, Andrew R. Scholnick

Annual ADFSL Conference on Digital Forensics, Security and Law

This work explores the impact of the emerging mobile communication device paradigm on the security-conscious enterprise, with regard to providing insights for proactive Information Assurance and facilitation of eventual Forensic analysis. Attention is given to technology evolution in the areas of best practices, attack vectors, software and hardware performance, access and activity monitoring, and architectural models.

Keywords: Forensics, enterprise security, mobile communication, best practices, attack vectors.

Multi-Parameter Sensitivity Analysis Of A Bayesian Network From A Digital Forensic Investigation, Richard E. Overill, Echo P. Zhang, Kam-Pui Chow

Annual ADFSL Conference on Digital Forensics, Security and Law

A multi-parameter sensitivity analysis of a Bayesian network (BN) used in the digital forensic investigation of the Yahoo! email case has been performed using the principle of ‘steepest gradient’ in the parameter space of the conditional probabilities. This procedure delivers a more reliable result for the dependence of the posterior probability of the BN on the values used to populate the conditional probability tables (CPTs) of the BN. As such, this work extends our previous studies using singleparameter sensitivity analyses of BNs, with the overall aim of more deeply understanding the indicative use of BNs within the digital forensic and …

Ipad2 Logical Acquisition: Automated Or Manual Examination?, Somaya Ali, Sumaya Alhosani, Farah Alzarooni, Ibrahim Baggili

Annual ADFSL Conference on Digital Forensics, Security and Law

Due to their usage increase worldwide, iPads are on the path of becoming key sources of digital evidence in criminal investigations. This research investigated the logical backup acquisition and examination of the iPad2 device using the Apple iTunes backup utility while manually examining the backup data (manual examination) and automatically parsing the backup data (Lantern software - automated examination). The results indicate that a manual examination of the logical backup structure from iTunes reveals more digital evidence, especially if installed application data is required for an investigation. However, the researchers note that if a quick triage is needed of an …

Cloud Forensics Investigation: Tracing Infringing Sharing Of Copyrighted Content In Cloud, Yi-Jun He, Echo P. Zhang, Lucas C.K. Hui, Siu Ming Yiu, K.P. Chow

Annual ADFSL Conference on Digital Forensics, Security and Law

Cloud Computing is becoming a significant technology trend nowadays, but its abrupt rise also creates a brand new front for cybercrime investigation with various challenges. One of the challenges is to track down infringing sharing of copyrighted content in cloud. To solve this problem, we study a typical type of content sharing technologies in cloud computing, analyze the challenges that the new technologies bring to forensics, formalize a procedure to get digital evidences and obtain analytical results based on the evidences to track down illegal uploader. Furthermore, we propose a reasoning model based on the probability distribution in a Bayesian …

A Fuzzy Hashing Approach Based On Random Sequences And Hamming Distance, Frank Breitinger, Harald Baier

Annual ADFSL Conference on Digital Forensics, Security and Law

Hash functions are well-known methods in computer science to map arbitrary large input to bit strings of a fixed length that serve as unique input identifier/fingerprints. A key property of cryptographic hash functions is that even if only one bit of the input is changed the output behaves pseudo randomly and therefore similar files cannot be identified. However, in the area of computer forensics it is also necessary to find similar files (e.g. different versions of a file), wherefore we need a similarity preserving hash function also called fuzzy hash function. In this paper we present a new approach for …

The Xbox 360 And Steganography: How Criminals And Terrorists Could Be "Going Dark", Ashley Podhradsky, Rob D’Ovidio, Cindy Casey

Annual ADFSL Conference on Digital Forensics, Security and Law

Video game consoles have evolved from single-player embedded systems with rudimentary processing and graphics capabilities to multipurpose devices that provide users with parallel functionality to contemporary desktop and laptop computers. Besides offering video games with rich graphics and multiuser network play, today's gaming consoles give users the ability to communicate via email, video and text chat; transfer pictures, videos, and file;, and surf the World-Wide-Web. These communication capabilities have, unfortunately, been exploited by people to plan and commit a variety of criminal activities. In an attempt to cover the digital tracks of these unlawful undertakings, anti-forensic techniques, such as steganography, …

Toward Alignment Between Communities Of Practice And Knowledge-Based Decision Support, Jason Nichols, David Biros, Mark Weiser

Annual ADFSL Conference on Digital Forensics, Security and Law

The National Repository of Digital Forensics Information (NRDFI) is a knowledge repository for law enforcement digital forensics investigators (LEDFI). Over six years, the NRDFI has undertaken significant design revisions in order to more closely align the architecture of the system with theory addressing motivation to share knowledge and communication within ego-centric groups and communities of practice. These revisions have been met with minimal change in usage patterns by LEDFI community members, calling into question the applicability of relevant theory when the domain for knowledge sharing activities expands beyond the confines of an individual organization to a community of practice. When …

Double-Compressed Jpeg Detection In A Steganalysis System, Jennifer L. Davidson, Pooja Parajape

Annual ADFSL Conference on Digital Forensics, Security and Law

The detection of hidden messages in JPEG images is a growing concern. Current detection of JPEG stego images must include detection of double compression: a JPEG image is double compressed if it has been compressed with one quality factor, uncompressed, and then re-compressed with a different quality factor. When detection of double compression is not included, erroneous detection rates are very high. The main contribution of this paper is to present an efficient double-compression detection algorithm that has relatively lower dimensionality of features and relatively lower computational time for the detection part, than current comparative classifiers. We use a model-based …

A Proposal For Incorporating Programming Blunder As Important Evidence In Abstraction-Filtration-Comparison Test, P. Vinod Bhattathiripad

Annual ADFSL Conference on Digital Forensics, Security and Law

This paper investigates an unexplored concept in Cyber Forensics, namely, a Programming Blunder. Programming Blunder is identified as a variable or a code segment or a field in a database table, which is hardly used or executed in the context of the application or the user’s functionality. Blunder genes can be found in many parts of any program. It is the contention of this paper that this phenomenon of blunders needs to be studied systematically from its very genetic origins to their surface realizations in contrast to bugs and flaws, especially in view of their importance in software copyright infringement …

Update On The State Of The Science Of Digital Evidence Examination, Fred Cohen

Annual ADFSL Conference on Digital Forensics, Security and Law

This paper updates previous work on the level of consensus in foundational elements of digital evidence examination. Significant consensus is found present only after definitions are made explicit, suggesting that, while there is a scientific agreement around some of the basic notions identified, the use of a common language is lacking.

Keywords: Digital forensics examination, terminology, scientific methodology, testability, validation, classification, scientific consensus

Network Neutrality And The Need For A Technological Turn In Internet Scholarship, Christopher S. Yoo

All Faculty Scholarship

To most social scientists, the technical details of how the Internet actually works remain arcane and inaccessible. At the same time, convergence is forcing scholars to grapple with how to apply regulatory regimes developed for traditional media to a world in which all services are provided via an Internet-based platform. This chapter explores the problems caused by the lack of familiarity with the underlying technology, using as its focus the network neutrality debate that has dominated Internet policy for the past several years. The analysis underscores a surprising lack of sophistication in the current debate. Unfamiliarity with the Internet’s architecture …

An End To End-To-End? A Review Essay Of Barbara Van Schewick’S Internet Architecture And Innovation, Adam Candeub

Federal Communications Law Journal

Amidst much controversy, the FCC released its landmark "network neutrality" order in December 2010. This regulation prohibits Internet service providers, such as Verizon or Comcast, from discriminating in favor of traffic or content that they own or with which they are affiliated. Professor Barbara van Schewick's recently published book, Internet Architecture and Innovation, could not be timelier. Employing a variety of economic and technical arguments, van Schewick defends the type of regulation the FCC passed as necessary to preserve the Internet's potential for innovation. My central critique of Internet Architecture is its deployment of economic theories on one side of …

Table Of Contents

Journal of Digital Forensics, Security and Law

No abstract provided.

Column: The Physics Of Digital Information-Part 2, Fred Cohen

Journal of Digital Forensics, Security and Law

In part 1 of this series (Cohen, 2011a), we discussed some of the basics of building a physics of digital information. Assuming, as we have, that science is about causality and that a scientific theory should require that cause(C) produces effect (E) via mechanism M (written C→ME), we explore that general theory of digital systems from the perspective of attributing effects (i.e., traces of activities in digital systems) to their causes. Full details of the current version of this physics are available online2 , and in this article, we explore a few more of them.

An Overview Of The Jumplist Configuration File In Windows 7, Harjinder S. Lallie, Parmjit S. Bains

Journal of Digital Forensics, Security and Law

The introduction of Jumplists in Windows 7 was an important feature from a forensic examiners viewpoint. Jumplist configuration files can provide the examiner with a wealth of information relating to file access and in particular: dates/times, Volume GUIDs and unique file object IDs relating to those files. Some of the information in the Jumplist could be used to build a more precise timeline relating to system and file usage. In this article, we analyse the structure of a Jumplist configuration file and in particular a record from a Jumplist configuration file and highlight some of the important entries therein.

Comparing Android Applications To Find Copying, Larry Melling, Bob Zeidman

Journal of Digital Forensics, Security and Law

The Android smartphone operating system includes a Java virtual machine that enables rapid development and deployment of a wide variety of applications. The open nature of the platform means that reverse engineering of applications is relatively easy, and many developers are concerned as applications similar to their own show up in the Android marketplace and want to know if these applications are pirated. Fortunately, the same characteristics that make an Android application easy to reverse engineer and copy also provide opportunities for Android developers to compare downloaded applications to their own. This paper describes the process for comparing a developer’s …

Pandora’S Email Box? An Exploratory Study Of Web-Based Email Forgery Detection And Validation., Richard Boddington, Grant Boxall, Jeremy Ardley

Journal of Digital Forensics, Security and Law

Web based email systems may be a source of pristine digital evidence because of the perceived difficulty of client tampering with messages stored inside the email account. We demonstrate that such assumption is wrong in the case of Windows Live Hotmail®1 . Windows Live Mail®1 synchronises message on client-side computers with the Hotmail® server, benefiting users wishing to synchronise their email accounts and personal devices. However, this synchronisation opens an exploit for wrongdoers to tamper with existing email messages and attachments as well as facilitating the insertion of fabricated messages. The exploit process enables persistent storage of tampered and fabricated …

Applying The Acpo Principles In Public Cloud Forensic Investigations, Harjinder S. Lallie, Lee Pimlott

Journal of Digital Forensics, Security and Law

The numerous advantages offered by cloud computing has fuelled its growth and has made it one of the most significant of current computing trends. The same advantages have created complex issues for those conducting digital forensic investigations. Digital forensic investigators rely on the ACPO (Association of Chief Police Officers) or similar guidelines when conducting an investigation, however the guidelines make no reference to some of the issues presented by cloud investigations. This study investigates the impact of cloud computing on ACPO’s core principles and asks whether these principles can still be applied in a cloud investigation and the challenges presented …

Technology Corner: Dating Of Electronic Hardware For Prior Art Investigations, Sellam Ismail

Journal of Digital Forensics, Security and Law

In many legal matters, specifically patent litigation, determining and authenticating the date of computer hardware or other electronic products or components is often key to establishing the item as legitimate evidence of prior art. Such evidence can be used to buttress claims of technologies available or of events transpiring by or at a particular date.

Book Review: The Software Ip Detective's Handbook: Measurement, Comparison, And Infringement Detections, Diane Barrett

Journal of Digital Forensics, Security and Law

Do not the book title fool you into thinking that the book is only for those looking to detect software infringement detection. It is a comprehensive look at software intellectual property. The book covers a wide range of topics and has something to offer for just about everyone from lawyers to programmers.

Column: Factors Affecting Data Decay, Kevin Fairbanks, Simson Garfinkel

Journal of Digital Forensics, Security and Law

In nuclear physics, the phrase decay rate is used to denote the rate that atoms and other particles spontaneously decompose. Uranium-235 famously decays into a variety of daughter isotopes including Thorium and Neptunium, which themselves decay to others. Decay rates are widely observed and wildly different depending on many factors, both internal and external. U-235 has a half-life of 703,800,000 years, for example, while free neutrons have a half-life of 611 seconds and neutrons in an atomic nucleus are stable.