Open Access. Powered by Scholars. Published by Universities.®
- Keyword
-
- Digital forensics (8)
- Digital evidence (4)
- Forensics (4)
- Mobile device forensics (3)
- Approximate matching (2)
-
- Behavioral analysis (2)
- Bloom filter (2)
- Cloud forensics (2)
- Computer forensics (2)
- Cyber security (2)
- Mrsh-v2 (2)
- Privacy (2)
- AFC (1)
- Abstraction-Filtration-Comparison (1)
- Admissibility (1)
- Altai (1)
- Anomaly detection (1)
- Authentication (1)
- Best practices for mobile device forensics. (1)
- BitTorrent sync (1)
- CLIPS (1)
- Case prioritization (1)
- Cell phone searches (1)
- Cellebrite (1)
- Child pornography (1)
- Chinese legal system (1)
- Cloud computing (1)
- Clustering (1)
- Codec identification (1)
- Collective action (1)
Articles 1 - 30 of 38
Full-Text Articles in Computer Engineering
From The Editor-In-Chief, Ibrahim A. Baggili
From The Editor-In-Chief, Ibrahim A. Baggili
Journal of Digital Forensics, Security and Law
We are proud to share with you this special edition issue of the JDFSL. This year, JDFSL partnered with both the 6th International Conference on Digital Forensics and Cyber Crime (ICDF2C) and Systematic Approaches to Digital Forensic Engineering (SADFE)–two prominent conferences in our field that were co-hosted. Fifty-three papers were submitted, and the Technical Program Committee accepted only 17 after a rigorous review process.
Idiographic Digital Profiling: Behavioral Analysis Based On Digital Forensics, Chad M. Steel
Idiographic Digital Profiling: Behavioral Analysis Based On Digital Forensics, Chad M. Steel
Journal of Digital Forensics, Security and Law
Idiographic digital profiling (IDP) is the application of behavioral analysis to the field of digital forensics. Previous work in this field takes a nomothetic approach to behavioral analysis by attempting to understand the aggregate behaviors of cybercriminals. This work is the first to take an idiographic approach by examining a particular subject's digital footprints for immediate use in an ongoing investigation. IDP provides a framework for investigators to analyze digital behavioral evidence for the purposes of case planning, subject identification, lead generation, obtaining and executing warrants, and prosecuting offenders.
On Cyber Attacks And Signature Based Intrusion Detection For Modbus Based Industrial Control Systems, Wei Gao, Thomas H. Morris
On Cyber Attacks And Signature Based Intrusion Detection For Modbus Based Industrial Control Systems, Wei Gao, Thomas H. Morris
Journal of Digital Forensics, Security and Law
Industrial control system communication networks are vulnerable to reconnaissance, response injection, command injection, and denial of service attacks. Such attacks can lead to an inability to monitor and control industrial control systems and can ultimately lead to system failure. This can result in financial loss for control system operators and economic and safety issues for the citizens who use these services. This paper describes a set of 28 cyber attacks against industrial control systems which use the MODBUS application layer network protocol. The paper also describes a set of standalone and state based intrusion detection system rules which can be …
Using Internet Artifacts To Profile A Child Pornography Suspect, Marcus K. Rogers, Kathryn C. Seigfried-Spellar
Using Internet Artifacts To Profile A Child Pornography Suspect, Marcus K. Rogers, Kathryn C. Seigfried-Spellar
Journal of Digital Forensics, Security and Law
Digital evidence plays a crucial role in child pornography investigations. However, in the following case study, the authors argue that the behavioral analysis or “profiling” of digital evidence can also play a vital role in child pornography investigations. The following case study assessed the Internet Browsing History (Internet Explorer Bookmarks, Mozilla Bookmarks, and Mozilla History) from a suspected child pornography user’s computer. The suspect in this case claimed to be conducting an ad hoc law enforcement investigation. After the URLs were classified (Neutral; Adult Porn; Child Porn; Adult Dating sites; Pictures from Social Networking Profiles; Chat Sessions; Bestiality; Data Cleaning; …
Book Review: The Basics Of Digital Forensics: The Primer For Getting Started In Digital Forensics, Stephen Larson
Book Review: The Basics Of Digital Forensics: The Primer For Getting Started In Digital Forensics, Stephen Larson
Journal of Digital Forensics, Security and Law
The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics is well-named–it really is very basic. And it should be, as the book’s intended audience includes entry-level digital forensics professionals and complimentary fields such as law enforcement, legal, and general information security. Though the copyright is 2012, some of the data is from 2009, and there is mention of estimates for 2010.
Hot Zone Identification: Analyzing Effects Of Data Sampling On Spam Clustering, Rasib Khan, Mainul Mizan, Ragib Hasan, Alan Sprague
Hot Zone Identification: Analyzing Effects Of Data Sampling On Spam Clustering, Rasib Khan, Mainul Mizan, Ragib Hasan, Alan Sprague
Journal of Digital Forensics, Security and Law
Email is the most common and comparatively the most efficient means of exchanging information in today's world. However, given the widespread use of emails in all sectors, they have been the target of spammers since the beginning. Filtering spam emails has now led to critical actions such as forensic activities based on mining spam email. The data mine for spam emails at the University of Alabama at Birmingham is considered to be one of the most prominent resources for mining and identifying spam sources. It is a widely researched repository used by researchers from different global organizations. The usual process …
Understanding Computer Forensics Requirements In China Via The “Panda Burning Incense” Virus Case, Frank Law, K. P. Chow, Y. H. Mai
Understanding Computer Forensics Requirements In China Via The “Panda Burning Incense” Virus Case, Frank Law, K. P. Chow, Y. H. Mai
Journal of Digital Forensics, Security and Law
In March 2012, Mainland China has amended its Criminal Procedure Law, which includes the introduction of a new type of evidence, i.e., digital evidence, to the court of law. To better understand the development of computer forensics and digital evidence in Mainland China, this paper discusses the Chinese legal system in relation to digital investigation and how the current legal requirements affect the existing legal and technical usage of digital evidence at legal proceedings. Through studying the famous “Panda Burning Incense (Worm.WhBoy.cw)” virus case that happened in 2007, this paper aims to provide a better understanding of how to properly …
Multi-Stakeholder Case Prioritization In Digital Investigations, Joshua I. James
Multi-Stakeholder Case Prioritization In Digital Investigations, Joshua I. James
Journal of Digital Forensics, Security and Law
This work examines the problem of case prioritization in digital investigations for better utilization of limited criminal investigation resources. Current methods of case prioritization, as well as observed prioritization methods used in digital forensic investigation laboratories are examined. After, a multi-stakeholder approach to case prioritization is given that may help reduce reputational risk to digital forensic laboratories while improving resource allocation. A survey is given that shows differing opinions of investigation priority between Law Enforcement and the public that is used in the development of a prioritization model. Finally, an example case is given to demonstrate the practicality of the …
File Detection On Network Traffic Using Approximate Matching, Frank Breitinger, Ibrahim Baggili
File Detection On Network Traffic Using Approximate Matching, Frank Breitinger, Ibrahim Baggili
Journal of Digital Forensics, Security and Law
In recent years, Internet technologies changed enormously and allow faster Internet connections, higher data rates and mobile usage. Hence, it is possible to send huge amounts of data / files easily which is often used by insiders or attackers to steal intellectual property. As a consequence, data leakage prevention systems (DLPS) have been developed which analyze network traffic and alert in case of a data leak. Although the overall concepts of the detection techniques are known, the systems are mostly closed and commercial. Within this paper we present a new technique for network traffic analysis based on approximate matching (a.k.a …
On Identities In Modern Networks, Libor Polcak, Radek Hranick, Tomas Martınek
On Identities In Modern Networks, Libor Polcak, Radek Hranick, Tomas Martınek
Journal of Digital Forensics, Security and Law
Communicating parties inside computer networks use different kind of identifiers. Some of these identifiers are stable, e.g., logins used to access a specific service, some are only temporary, e.g., dynamically assigned IP addresses. This paper tackles several challenges of lawful interception that emerged in modern networks. The main contribution is the graph model that links identities learnt from various sources distributed in a network. The inferred identities result into an interception of more detailed data in conformance with the issued court order. The approach deals with network address translation, short-lived identifiers and simultaneous usage of different identities. The approach was …
Leveraging Decentralization To Extend The Digital Evidence Acquisition Window: Case Study On Bittorrent Sync, Mark Scanlon, Jason Farina, Nhien A. Khac, Tahar Kechadi
Leveraging Decentralization To Extend The Digital Evidence Acquisition Window: Case Study On Bittorrent Sync, Mark Scanlon, Jason Farina, Nhien A. Khac, Tahar Kechadi
Journal of Digital Forensics, Security and Law
File synchronization services such as Dropbox, Google Drive, Microsoft OneDrive, Apple iCloud, etc., are becoming increasingly popular in today’s always-connected world. A popular alternative to the aforementioned services is BitTorrent Sync. This is a decentralized/cloudless file synchronization service and is gaining significant popularity among Internet users with privacy concerns over where their data is stored and who has the ability to access it. The focus of this paper is the remote recovery of digital evidence pertaining to files identified as being accessed or stored on a suspect’s computer or mobile device. A methodology for the identification, investigation, recovery and verification …
Accurate Modeling Of The Siemens S7 Scada Protocol For Intrusion Detection And Digital Forensics, Amit Kleinmann, Avishai Wool
Accurate Modeling Of The Siemens S7 Scada Protocol For Intrusion Detection And Digital Forensics, Amit Kleinmann, Avishai Wool
Journal of Digital Forensics, Security and Law
The Siemens S7 protocol is commonly used in SCADA systems for communications between a Human Machine Interface (HMI) and the Programmable Logic Controllers (PLCs). This paper presents a model-based Intrusion Detection Systems (IDS) designed for S7 networks. The approach is based on the key observation that S7 traffic to and from a specific PLC is highly periodic; as a result, each HMI-PLC channel can be modeled using its own unique Deterministic Finite Automaton (DFA). The resulting DFA-based IDS is very sensitive and is able to flag anomalies such as a message appearing out of its position in the normal sequence …
Fast Rtp Detection And Codecs Classification In Internet Traffic, Petr Matousek, Ondrej Rysavy, Martin Kmet
Fast Rtp Detection And Codecs Classification In Internet Traffic, Petr Matousek, Ondrej Rysavy, Martin Kmet
Journal of Digital Forensics, Security and Law
This paper presents a fast multi-stage method for on-line detection of RTP streams and codec identification of transmitted voice or video traffic. The method includes an RTP detector that filters packets based on specific values from UDP and RTP headers. When an RTP stream is successfully detected, codec identification is applied using codec feature sets. The paper shows advantages and limitations of the method and its comparison with other approaches. The method was implemented as a part of network forensics framework NetFox developed in project SEC6NET. Results show that the method can be successfully used for Lawful Interception as well …
Exploring Forensic Implications Of The Fusion Drive, Shruti Gupta, Marcus Rogers
Exploring Forensic Implications Of The Fusion Drive, Shruti Gupta, Marcus Rogers
Journal of Digital Forensics, Security and Law
This paper explores the forensic implications of Apple’s Fusion Drive. The Fusion Drive is an example of auto-tiered storage. It uses a combination of a flash drive and a magnetic drive. Data is moved between the drives automatically to maximize system performance. This is different from traditional caches because data is moved and not simply copied. The research included understanding the drive structure, populating the drive, and then accessing data in a controlled setting to observe data migration strategies. It was observed that all the data is first written to the flash drive with 4 GB of free space always …
An Efficient Similarity Digests Database Lookup – A Logarithmic Divide & Conquer Approach, Frank Breitinger, Christian Rathgeb, Harald Baier
An Efficient Similarity Digests Database Lookup – A Logarithmic Divide & Conquer Approach, Frank Breitinger, Christian Rathgeb, Harald Baier
Journal of Digital Forensics, Security and Law
Investigating seized devices within digital forensics represents a challenging task due to the increasing amount of data. Common procedures utilize automated file identification, which reduces the amount of data an investigator has to examine manually. In the past years the research field of approximate matching arises to detect similar data. However, if n denotes the number of similarity digests in a database, then the lookup for a single similarity digest is of complexity of O(n). This paper presents a concept to extend existing approximate matching algorithms, which reduces the lookup complexity from O(n) to O(log(n)). Our proposed approach is based …
“Time For Some Traffic Problems”: Enhancing E-Discovery And Big Data Processing Tools With Linguistic Methods For Deception Detection, Erin S. Crabb
“Time For Some Traffic Problems”: Enhancing E-Discovery And Big Data Processing Tools With Linguistic Methods For Deception Detection, Erin S. Crabb
Journal of Digital Forensics, Security and Law
Linguistic deception theory provides methods to discover potentially deceptive texts to make them accessible to clerical review. This paper proposes the integration of these linguistic methods with traditional e-discovery techniques to identify deceptive texts within a given author’s larger body of written work, such as their sent email box. First, a set of linguistic features associated with deception are identified and a prototype classifier is constructed to analyze texts and describe the features’ distributions, while avoiding topic-specific features to improve recall of relevant documents. The tool is then applied to a portion of the Enron Email Dataset to illustrate how …
Evidentiary Power And Propriety Of Digital Identifiers And The Impact On Privacy Rights In The United States, Michael Losavio, Deborah Keeling
Evidentiary Power And Propriety Of Digital Identifiers And The Impact On Privacy Rights In The United States, Michael Losavio, Deborah Keeling
Journal of Digital Forensics, Security and Law
Media and network systems capture and store data about electronic activity in new, sometimes unprecedented ways; computational systems make for new means of analysis and knowledge development. These new forms offer new, powerful tactical tools for investigations of electronic malfeasance under traditional legal regulation of state power, particular that of Fourth Amendment limitations on police searches and seizures under the U.S. Constitution. But autonomy, identity and authenticity concerns with electronic data raise issues of public policy, privacy and proper police oversight of civil society. We examine those issues and their implications for digital and computational forensics
Relating Admissibility Standards For Digital Evidence To Attack Scenario Reconstruction, Changwei Liu, Anoop Singhal, Duminda Wijesekera
Relating Admissibility Standards For Digital Evidence To Attack Scenario Reconstruction, Changwei Liu, Anoop Singhal, Duminda Wijesekera
Journal of Digital Forensics, Security and Law
Attackers tend to use complex techniques such as combining multi-step, multi-stage attack with anti-forensic tools to make it difficult to find incriminating evidence and reconstruct attack scenarios that can stand up to the expected level of evidence admissibility in a court of law. As a solution, we propose to integrate the legal aspects of evidence correlation into a Prolog based reasoner to address the admissibility requirements by creating most probable attack scenarios that satisfy admissibility standards for substantiating evidence. Using a prototype implementation, we show how evidence extracted by using forensic tools can be integrated with legal reasoning to reconstruct …
From The Editor, Ibrahim Baggili
From The Editor, Ibrahim Baggili
Journal of Digital Forensics, Security and Law
In this issue we have three papers that have made the cut. The first paper titled “The Cost of Privacy: Riley v. California’s Impact on Cell Phone Searches” is timely. In 2014 there was a unanimous decision that requires a warrant for all cell phone searches. This has some strong implications on the forensic analysis of mobile phones, and to that end, this article discusses and summarizes this legal precedent with its practical implications.
Effects Of The Factory Reset On Mobile Devices, Riqui Schwamm, Neil C. Rowe
Effects Of The Factory Reset On Mobile Devices, Riqui Schwamm, Neil C. Rowe
Journal of Digital Forensics, Security and Law
Mobile devices usually provide a “factory-reset” tool to erase user-specific data from the main secondary storage. 9 Apple iPhones, 10 Android devices, and 2 BlackBerry devices were tested in the first systematic evaluation of the effectiveness of factory resets. Tests used the Cellebrite UME-36 Pro with the UFED Physical Analyzer, the Bulk Extractor open-source tool, and our own programs for extracting metadata, classifying file paths, and comparing them between images. Two phones were subjected to more detailed analysis. Results showed that many kinds of data were removed by the resets, but much user-specific configuration data was left. Android devices did …
From The Editor-In-Chief, Ibrahim Baggili
From The Editor-In-Chief, Ibrahim Baggili
Journal of Digital Forensics, Security and Law
Welcome to JDFSL’s fourth and final issue for 2014! First, I would like to thank our editorial board, reviewers, and the JDFSL team for bringing this issue to life. It has been a big year for JDFSL as the journal continues to progress. I would like to highlight our critical achievements for 2014 before touching on the papers that were accepted in this issue: 1. JDFSL has gone to a fully open access model without author payment through support from academic institutions. 2. JDFSL has formed and continues to form partnerships with various conferences that relate to cyber security and …
Testing Framework For Mobile Device Forensics Tools, Maxwell Anobah, Shahzad Saleem, Oliver Popov
Testing Framework For Mobile Device Forensics Tools, Maxwell Anobah, Shahzad Saleem, Oliver Popov
Journal of Digital Forensics, Security and Law
The proliferation of mobile communication and computing devices, in particular smart mobile phones, is almost paralleled with the increasing number of mobile device forensics tools in the market. Each mobile forensics tool vendor, on one hand claims to have a tool that is best in terms of performance, while on the other hand each tool vendor seems to be using different standards for testing their tools and thereby defining what support means differently. To overcome this problem, a testing framework based on a series of tests ranging from basic forensics tasks such as file system reconstruction up to more complex …
The Cost Of Privacy: Riley V. California’S Impact On Cell Phone Searches, Jennifer L. Moore, Jonathan Langton, Joseph Pochron
The Cost Of Privacy: Riley V. California’S Impact On Cell Phone Searches, Jennifer L. Moore, Jonathan Langton, Joseph Pochron
Journal of Digital Forensics, Security and Law
Riley v. California is the United States Supreme Court’s first attempt to regulate the searches of cell phones by law enforcement. The 2014 unanimous decision requires a warrant for all cell phone searches incident to arrest absent an emergency. This work summarizes the legal precedent and analyzes the limitations and practical implications of the ruling. General guidelines for members of the criminal justice system at all levels consistent with the Supreme Court’s decision are provided.
Quantifying Relevance Of Mobile Digital Evidence As They Relate To Case Types: A Survey And A Guide For Best Practice, Shahzad Saleem, Ibrahim Baggili, Oliver Popov
Quantifying Relevance Of Mobile Digital Evidence As They Relate To Case Types: A Survey And A Guide For Best Practice, Shahzad Saleem, Ibrahim Baggili, Oliver Popov
Journal of Digital Forensics, Security and Law
In this work, a survey was conducted to help quantify the relevance of nineteen types of evidence (such as SMS) to seven types of digital investigations associated with mobile devices (MD) (such as child pornography). 97 % of the respondents agreed that every type of digital evidence has a different level of relevance to further or solve a particular investigation. From 55 serious participants, a dataset of 5,772 responses regarding the relevance of nineteen types of digital evidence for all the seven types of digital investigations was obtained. The results showed that (i) SMS belongs to the most relevant type …
Technical Soddi Defenses: The Trojan Horse Defense Revisited, Chad M. Steel
Technical Soddi Defenses: The Trojan Horse Defense Revisited, Chad M. Steel
Journal of Digital Forensics, Security and Law
In 2004, the Trojan horse defense was at a crossroads, having been successfully employed in two child pornography cases in the United Kingdom, resulting in acquittals. Despite the early successes, the Trojan horse defense has failed to become a regularly employed strategy. The original Trojan horse defense has now become part of the more general technical SODDI (Some Other Dude Did It) defense, which includes the possibility of unknown actors using unsecured Wi-Fi connections or having physical access to a computer to perform criminal acts. In the past ten years, it has not been effective in the United States for …
Fighting Child Pornography: A Review Of Legal And Technological Developments, Jasmine V. Eggestein, Kenneth J. Knapp
Fighting Child Pornography: A Review Of Legal And Technological Developments, Jasmine V. Eggestein, Kenneth J. Knapp
Journal of Digital Forensics, Security and Law
In our digitally connected world, the law is arguably behind the technological developments of the Internet age. While this causes many issues for law enforcement, it is of particular concern in the area of child pornography in the United States. With the wide availability of technologies such as digital cameras, peer-to-peer file sharing, strong encryption, Internet anonymizers and cloud computing, the creation and distribution of child pornography has become more widespread. Simultaneously, fighting the growth of this crime has become more difficult. This paper explores the development of both the legal and technological environments surrounding digital child pornography. In doing …
A State-Of-The-Art Review Of Cloud Forensics, Sameera Almulla, Youssef Iraqi, Andrew Jones
A State-Of-The-Art Review Of Cloud Forensics, Sameera Almulla, Youssef Iraqi, Andrew Jones
Journal of Digital Forensics, Security and Law
Cloud computing and digital forensics are emerging fields of technology. Unlike traditional digital forensics where the target environment can be almost completely isolated, acquired and can be under the investigators control; in cloud environments, the distribution of computation and storage poses unique and complex challenges to the investigators. Recently, the term “cloud forensics” has an increasing presence in the field of digital forensics. In this state-of-the-art review, we included the most recent research efforts that used “cloud forensics” as a keyword and then classify the literature into three dimensions: (1) survey-based, (2) technology-based and (3) forensics-procedural-based. We discuss widely accepted …
Table Of Contents
Journal of Digital Forensics, Security and Law
No abstract provided.
Table Of Contents
Journal of Digital Forensics, Security and Law
No abstract provided.
Table Of Contents
Journal of Digital Forensics, Security and Law
No abstract provided.