Open Access. Powered by Scholars. Published by Universities.®

Computer Engineering Commons

Articles 1 - 30 of 31

Full-Text Articles in Computer Engineering

WhatsApp Network Forensics: Decrypting And Understanding The WhatsApp Call Signaling Messages, Filip Karpisek, Ibrahim Baggili, Frank Breitinger Oct 2015

Electrical & Computer Engineering and Computer Science Faculty Publications

WhatsApp is a widely adopted mobile messaging application with over 800 million users. Recently, a calling feature was added to the application and no comprehensive digital forensic analysis has been performed with regards to this feature at the time of writing this paper. In this work, we describe how we were able to decrypt the network traffic and obtain forensic artifacts that relate to this new calling feature which included the: a) WhatsApp phone numbers, b) WhatsApp server IPs, c) WhatsApp audio codec (Opus), d) WhatsApp call duration, and e) WhatsApp's call termination. We explain the methods and tools used …


Professor Frank Breitinger's Full Bibliography, Frank Breitinger Oct 2015

Electrical & Computer Engineering and Computer Science Faculty Publications

No abstract provided.


From The Editor-In-Chief, Ibrahim Baggili Jan 2015

Journal of Digital Forensics, Security and Law

Welcome to JDFSL’s first issue for 2015! First, I would like to thank our editorial board, reviewers, and the JDFSL team for bringing this issue to life. It has been a big year for JDFSL as the journal continues to progress. We are continuing our indexing efforts for the journal and we are getting closer with some of the major databases.


A Survey Of Botnet Detection Techniques By Command And Control Infrastructure, Thomas S. Hyslip, Jason M. Pittman Jan 2015

Journal of Digital Forensics, Security and Law

Botnets have evolved to become one of the most serious threats to the Internet and there is substantial research on both botnets and botnet detection techniques. This survey reviewed the history of botnets and botnet detection techniques. The survey showed traditional botnet detection techniques rely on passive techniques, primarily honeypots, and that honeypots are not effective at detecting peer-to-peer and other decentralized botnets. Furthermore, the detection techniques aimed at decentralized and peer-to-peer botnets focus on detecting communications between the infected bots. Recent research has shown hierarchical clustering of flow data and machine learning are effective techniques for detecting botnet peer-to-peer …


From The Editor-In-Chief, Ibrahim Baggili Jan 2015

Journal of Digital Forensics, Security and Law

Welcome to JDFSL’s second issue for 2015! First, I would like to thank our editorial board, reviewers, and the JDFSL team for bringing this issue to life. In this issue, we continue our multidisciplinary tradition. The first paper, Two challenges of stealthy hypervisors detection: time cheating and data fluctuations, showcases an important contribution to the computing discipline. The use of virtualization has dramatically increased given our strong reliance on cloud services both private and public. Even though hypervisors enhance security, they can also be exploited by malware. Therefore, this paper is of importance given that it introduces a novel method …


To License Or Not To License Reexamined: An Updated Report On State Statutes Regarding Private Investigators And Digital Examiners, Thomas Lonardo, Alan Rea, Doug White Jan 2015

Journal of Digital Forensics, Security and Law

In this update to the 2012 year's study, the authors examine statutes that regulate, license, and enforce investigative functions in each US state. As before, the authors find that very few state statutes explicitly differentiate between Private Investigators and Digital Examiners. There is a small trend in which some states are changing definitions or moving to exempt DE from PI licensing requirements. However, we look at some additional information in terms of practicing attorney exemptions that may cloud the licensing waters.

As with the previous research studies (Lonardo et al., 2008, 2009, 2012) the authors contacted all state regulatory agencies …


Data Loss Prevention Management And Control: Inside Activity Incident Monitoring, Identification, And Tracking In Healthcare Enterprise Environments, Manghui Tu, Kimberly Spoa-Harty, Liangliang Xiao Jan 2015

Journal of Digital Forensics, Security and Law

As healthcare data are pushed online, consumers have raised big concerns on the breach of their personal information. Law and regulations have placed businesses and public organizations under obligations to take actions to prevent data breach. Among various threats, insider threats have been identified to be a major threat on data loss. Thus, effective mechanisms to control insider threats on data loss are urgently needed. The objective of this research is to address data loss prevention challenges in healthcare enterprise environment. First, a novel approach is provided to model internal threat, specifically inside activities. With inside activities modeling, data …


Litigation Holds: Past, Present, And Future Directions, Milton Luoma, Vicki M. Luoma Jan 2015

Journal of Digital Forensics, Security and Law

Electronically Stored Information (ESI) first became a serious litigation issue in the late 1990s, and the first attempts to determine best practices did not occur until the early 2000s. As best practices developed, the litigation hold to prevent routine destruction of documents and to preserve documents relevant to litigation came into existence. The duty to preserve ESI is triggered when litigation is reasonably anticipated. All information that relates to potential litigation must be preserved from the time it becomes reasonably apparent that litigation is possible until the expiration of the statute of limitations. If steps are not taken to properly …


Computer Forensic Projects For Accountants, Grover S. Kearns Jan 2015

Journal of Digital Forensics, Security and Law

Digital attacks on organizations are becoming more common and more sophisticated. Firms are interested in providing data security and having an effective means to respond to attacks. Accountants possess important investigative and analytical skills that serve to uncover fraud in forensic investigations. Some accounting students take courses in forensic accounting but few colleges offer a course in computer forensics for accountants. Educators wishing to develop such a course may find developing the curriculum daunting. A major element of such a course is the use of forensic software. This paper argues the importance of computer forensics to accounting students and offers …


On The Network Performance Of Digital Evidence Acquisition Of Small Scale Devices Over Public Networks, Irvin Homem, Spyridon Dosis Jan 2015

Journal of Digital Forensics, Security and Law

While cybercrime proliferates – becoming more complex and surreptitious on the Internet – the tools and techniques used in performing digital investigations are still largely lagging behind, effectively slowing down law enforcement agencies at large. Real-time remote acquisition of digital evidence over the Internet is still an elusive ideal in the combat against cybercrime. In this paper we briefly describe the architecture of a comprehensive proactive digital investigation system that is termed as the Live Evidence Information Aggregator (LEIA). This system aims at collecting digital evidence from potentially any device in real time over the Internet. Particular focus is made …


Identification And Exploitation Of Inadvertent Spectral Artifacts In Digital Audio, N. C. Donnangelo, W. S. Kuklinski, R. Szabo, R. A. Coury, G. R. Hamshar Jan 2015

Journal of Digital Forensics, Security and Law

We show that modulation products from local oscillators in a variety of commercial camcorders are coupled into the recorded audio track, creating narrow band time invariant spectral features. These spectral features, left largely intact by transcoding, compression and other forms of audiovisual post processing, can encode characteristics of specific camcorders used to capture the audio files, including the make and model. Using data sets both downloaded from YouTube and collected under controlled laboratory conditions we demonstrate an average probability of detection (Pd) approaching 0.95 for identification of a specific camcorder in a population of thousands of similar recordings, with a …


The "Bring Your Own Device" Conundrum For Organizations And Investigators: An Examination Of The Policy And Legal Concerns In Light Of Investigatory Challenges, Carla J. Utter, Alan Rea Jan 2015

Journal of Digital Forensics, Security and Law

In recent years, with the expansion of technology and the desire to downsize costs within the corporate culture, the technology trend has steered towards the integration of personally owned mobile devices (i.e. smartphones) within the corporate and enterprise environment. The movement, known as “Bring Your Own Device” (hereinafter referred to as “BYOD”), seeks to minimize or eliminate the need for two separate and distinct mobile devices for one employee. While taken at face value this trend seems favorable, the corporate policy and legal implications of the implementation of BYOD are further complicated by significant investigatory issues that far outweigh the …


Factors Influencing Digital Forensic Investigations: Empirical Evaluation Of 12 Years Of Dubai Police Cases, Ibtesam Alawadhi, Janet C. Read, Andrew Marrington, Virginia N. L. Franqueira Jan 2015

Journal of Digital Forensics, Security and Law

In Digital Forensics, the number of person-hours spent on investigation is a key factor which needs to be kept to a minimum whilst also paying close attention to the authenticity of the evidence. The literature describes challenges behind increasing person-hours and identifies several factors which contribute to this phenomenon. This paper reviews these factors and demonstrates that they do not wholly account for increases in investigation time. Using real case records from the Dubai Police, an extensive study explains the contribution of other factors to the increase in person-hours. We conclude this work by emphasizing on several factors affecting the …


Tracking And Taxonomy Of Cyberlocker Link Sharers Based On Behavior Analysis, Xiao-Xi Fan, Kam-Pui Chow Jan 2015

Journal of Digital Forensics, Security and Law

The growing popularity of cyberlocker service has led to significant impact on the Internet that it is considered as one of the biggest contributors to the global Internet traffic estimated to be illegally traded content. Due to the anonymity property of cyberlocker, it is difficult for investigators to track user identity directly on cyberlocker site. In order to find the potential relationships between cyberlocker users, we propose a framework to collect cyberlocker related data from public forums where cyberlocker users usually distribute cyberlocker links for others to download and identity information can be gathered easily. Different kinds of sharing behaviors …


Cyber Black Box/Event Data Recorder: Legal And Ethical Perspectives And Challenges With Digital Forensics, Michael Losavio, Pavel Pastukov, Svetlana Polyakova Jan 2015

Journal of Digital Forensics, Security and Law

With ubiquitous computing and the growth of the Internet of Things, there is vast expansion in the deployment and use of event data recording systems in a variety of environments. From the ships’ logs of antiquity through the evolution of personal devices for recording personal and environmental activities, these devices offer rich forensic and evidentiary opportunities that smash against rights of privacy and personality. The technical configurations of these devices provide for greater scope of sensing, interconnection options for local, near, and cloud storage of data, and the possibility of powerful analytics. This creates the unique situation of near-total data …


A 3-D Stability Analysis Of Lee Harvey Oswald In The Backyard Photo, Srivamshi Pittala, Emily Whiting, Hany Farid Jan 2015

Journal of Digital Forensics, Security and Law

Fifty years have passed since the assassination of U.S. President Kennedy. Despite the long passage of time, it is still argued that the famous backyard photo of Oswald, holding the same type of rifle used to assassinate the President, is a fake. These claims include, among others, that Oswald’s pose in the photo is physically implausible. We describe a detailed 3-D stability analysis to determine if this claim is warranted.


PLC Forensics Based On Control Program Logic Change Detection, Ken Yau, Kam-Pui Chow Jan 2015

Journal of Digital Forensics, Security and Law

Supervisory Control and Data Acquisition (SCADA) system is an industrial control automated system. It is built with multiple Programmable Logic Controllers (PLCs). PLC is a special form of microprocessor-based controller with proprietary operating system. Due to the unique architecture of PLC, traditional digital forensic tools are difficult to be applied. In this paper, we propose a program called Control Program Logic Change Detector (CPLCD), it works with a set of Detection Rules (DRs) to detect and record undesired incidents on interfering normal operations of PLC. In order to prove the feasibility of our solution, we set up two experiments for …


Forensic Acquisition Of IMVU: A Case Study, Robert Van Voorst, M-Tahar Kechadi, Nhien-An Le-Khac Jan 2015

Journal of Digital Forensics, Security and Law

There are many applications available for personal computers and mobile devices that facilitate users in meeting potential partners. There is, however, a risk associated with the level of anonymity on using instant message applications, because there exists the potential for predators to attract and lure vulnerable users. Today Instant Messaging within a Virtual Universe (IMVU) combines custom avatars, chat or instant message (IM), community, content creation, commerce, and anonymity. IMVU is also being exploited by criminals to commit a wide variety of offenses. However, there are very few researches on digital forensic acquisition of IMVU applications. In this paper, we …


Open Forensic Devices, Lee Tobin, Pavel Gladyshev Jan 2015

Journal of Digital Forensics, Security and Law

Cybercrime has been a growing concern for the past two decades. What used to be the responsibility of specialist national police has become routine work for regional and district police. Unfortunately, funding for law enforcement agencies is not growing as fast as the amount of digital evidence. In this paper, we present a forensic platform that is tailored for cost effectiveness, extensibility, and ease of use. The software for this platform is open source and can be deployed on practically all commercially available hardware devices such as standard desktop motherboards or embedded systems such as Raspberry Pi and Gizmosphere’s Gizmo …


Exploring The Use Of PLC Debugging Tools For Digital Forensic Investigations On SCADA Systems, Tina Wu, Jason R.C. Nurse Jan 2015

Journal of Digital Forensics, Security and Law

The Stuxnet malware attack has provided strong evidence for the development of a forensic capability to aid in thorough post-incident investigations. Current live forensic tools are typically used to acquire and examine memory from computers running either Windows or Unix. This makes them incompatible with embedded devices found on SCADA systems that have their own bespoke operating system. Currently, only a limited number of forensics tools have been developed for SCADA systems, with no development of tools to acquire the program code from PLCs. In this paper, we explore this problem with two main hypotheses in mind. Our first hypothesis …


Project Maelstrom: Forensic Analysis Of The BitTorrent-Powered Browser, Jason Farina, M-Tahar Kechadi, Mark Scanlon Jan 2015

Journal of Digital Forensics, Security and Law

In April 2015, BitTorrent Inc. released their distributed peer-to-peer powered browser, Project Maelstrom, into public beta. The browser facilitates a new alternative website distribution paradigm to the traditional HTTP-based, client-server model. This decentralised web is powered by each of the visitors accessing each Maelstrom hosted website. Each user shares their copy of the website's source code and multimedia content with new visitors. As a result, a Maelstrom hosted website cannot be taken offline by law enforcement or any other parties. Due to this open distribution model, a number of interesting censorship, security and privacy considerations are raised. This paper explores …


Table Of Contents Jan 2015

Journal of Digital Forensics, Security and Law

No abstract provided.


Two Challenges Of Stealthy Hypervisors Detection: Time Cheating And Data Fluctuations, Igor Korkin Jan 2015

Journal of Digital Forensics, Security and Law

Hardware virtualization technologies play a significant role in cyber security. On the one hand these technologies enhance security levels, by designing a trusted operating system. On the other hand these technologies can be taken up into modern malware which is rather hard to detect. None of the existing methods is able to efficiently detect a hypervisor in the face of countermeasures such as time cheating, temporary self uninstalling, memory hiding etc. New hypervisor detection methods which will be described in this paper can detect a hypervisor under these countermeasures and even count several nested ones. These novel approaches rely on …


Rules Of Professional Responsibility In Digital Forensics: A Comparative Analysis, Filipo Sharevski Jan 2015

Journal of Digital Forensics, Security and Law

The consolidation of the rules of professional responsibility as recommended by the Committee on Identifying the Needs of Forensic Sciences Community (2009) accents the establishment of a uniform code of ethics emphasizing the importance of enforceability in strengthening the role the forensic science plays within the criminal justice system. Equally pertinent for the domain of digital forensics, this imperative entails a research commitment in comparing and contrasting the respective codes of ethics to illustrate their “variety, specificity and enforceability” in order to inform the discussion on the regulative aspects of the digital forensic discipline. Accordingly, this paper reviews the professional …


Data Extraction On MTK-Based Android Mobile Phone Forensics, Joe Kong Jan 2015

Journal of Digital Forensics, Security and Law

In conducting criminal investigations it is quite common that forensic examiners need to recover evidentiary data from smartphones used by offenders. However, examiners encountered difficulties in acquiring complete memory dump from MTK Android phones, a popular brand of smartphones, due to a lack of technical knowledge on the phone architecture and that system manuals are not always available. This research will perform tests to capture data from MTK Android phone by applying selected forensic tools and compare their effectiveness by analyzing the extracted results. It is anticipated that a generic extraction tool, once identified, can be used on different brands …


The Use Of Ontologies In Forensic Analysis Of Smartphone Content, Mohammed Alzaabi, Thomas A. Martin, Kamal Taha, Andy Jones Jan 2015

Journal of Digital Forensics, Security and Law

Digital forensics investigators face a constant challenge in keeping track with evolving technologies such as smartphones. Analyzing the contents of these devices to infer useful information is becoming more time consuming as the volume and complexity of data are increasing. Typically, such analysis is undertaken by a human, which makes it dependent on the experience of the investigator. To overcome such impediments, an automated technique can be utilized in order to aid the investigator to quickly and efficiently analyze the data. In this paper, we propose F-DOS; a set of ontologies that models the smartphone content for the purpose of forensic …


An Empirical Comparison Of Widely Adopted Hash Functions In Digital Forensics: Does The Programming Language And Operating System Make A Difference?, Satyendra Gurjar, Ibrahim Baggili, Frank Breitinger, Alice E. Fischer Jan 2015

Electrical & Computer Engineering and Computer Science Faculty Publications

Hash functions are widespread in computer sciences and have a wide range of applications such as ensuring integrity in cryptographic protocols, structuring database entries (hash tables) or identifying known files in forensic investigations. Besides their cryptographic requirements, a fundamental property of hash functions is efficient and easy computation which is especially important in digital forensics due to the large amount of data that needs to be processed when working on cases. In this paper, we correlate the runtime efficiency of common hashing algorithms (MD5, SHA-family) and their implementation. Our empirical comparison focuses on C-OpenSSL, Python, Ruby, Java on Windows and …