Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 21 of 21
Full-Text Articles in Law
Designing Laboratories For Small Scale Digital Device Forensics, Richard P. Mislan, Tim Wedge
Designing Laboratories For Small Scale Digital Device Forensics, Richard P. Mislan, Tim Wedge
Annual ADFSL Conference on Digital Forensics, Security and Law
The ubiquity of small scale digital devices (SSDD), the public’s ever increasing societal dependence on SSDD, and the continual presence of SSDD at all types of crime scenes, including non-technical and violent crimes, demand a formalized curriculum for the education and training of future cyber forensic examiners. This paper presents the various SSDD forensics labs currently in use and under development for future use at the Purdue University Cyber Forensics Laboratory. The primary objective of each module is to provide specific real-world cases for the learning, comprehension, and understanding of hands-on investigative techniques and methodologies. The purpose of this paper …
Network Forensic Investigation Of Internal Misuse/Crime In Saudi Arabia: A Hacking Case, Abdulrazaq Al-Murjan, Konstantinos Xynos
Network Forensic Investigation Of Internal Misuse/Crime In Saudi Arabia: A Hacking Case, Abdulrazaq Al-Murjan, Konstantinos Xynos
Annual ADFSL Conference on Digital Forensics, Security and Law
There are ad-hoc guidelines and a limited policy on computer incident response that does not include computer forensic preparation procedures (e.g. logging incidents). In addition, these guidelines do not consider the requirement of Islamic law for admissible evidence at an organisational level in Saudi Arabia. Network forensic investigation might breach the Saudi law if they follow ad-hoc or international digital forensic standards such as Association of Chief Police Officers (ACPO) guidelines. This might put the organisation in a costly situation when a malicious employee sues an Islamic court. This is because the law of Saudi Arabia is complying with Islamic …
Paper Session Ii: Computer Forensics Field Triage Process Model, Marcus K. Rogers, James Goldman, Rick Mislan, Timothy Wedge, Steve Debrota
Paper Session Ii: Computer Forensics Field Triage Process Model, Marcus K. Rogers, James Goldman, Rick Mislan, Timothy Wedge, Steve Debrota
Annual ADFSL Conference on Digital Forensics, Security and Law
With the proliferation of digital based evidence, the need for the timely identification, analysis and interpretation of digital evidence is becoming more crucial. In many investigations critical information is required while at the scene or within a short period of time - measured in hours as opposed to days. The traditional cyber forensics approach of seizing a system(s)/media, transporting it to the lab, making a forensic image(s), and then searching the entire system for potential evidence, is no longer appropriate in some circumstances. In cases such as child abductions, pedophiles, missing or exploited persons, time is of the essence. In …
Development Of A National Repository Of Digital Forensic Intelligence, Mark Weiser, David P. Biros, Greg Mosier
Development Of A National Repository Of Digital Forensic Intelligence, Mark Weiser, David P. Biros, Greg Mosier
Annual ADFSL Conference on Digital Forensics, Security and Law
Many people do all of their banking online, we and our children communicate with peers through computer systems, and there are many jobs that require near continuous interaction with computer systems. Criminals, however, are also “connected”, and our online interaction provides them a conduit into our information like never before. Our credit card numbers and other fiscal information are at risk, our children's personal information is exposed to the world, and our professional reputations are on the line.
The discipline of Digital Forensics in law enforcement agencies around the nation and world has grown to match the increased risk and …
Designing A Data Warehouse For Cyber Crimes, Il-Yeol Song, John D. Maguire, Ki Jung Lee, Namyoun Choi, Xiaohua Hu, Peter Chen
Designing A Data Warehouse For Cyber Crimes, Il-Yeol Song, John D. Maguire, Ki Jung Lee, Namyoun Choi, Xiaohua Hu, Peter Chen
Annual ADFSL Conference on Digital Forensics, Security and Law
One of the greatest challenges facing modern society is the rising tide of cyber crimes. These crimes, since they rarely fit the model of conventional crimes, are difficult to investigate, hard to analyze, and difficult to prosecute. Collecting data in a unified framework is a mandatory step that will assist the investigator in sorting through the mountains of data. In this paper, we explore designing a dimensional model for a data warehouse that can be used in analyzing cyber crime data. We also present some interesting queries and the types of cyber crime analyses that can be performed based on …
Assessing The Gap: Measure The Impact Of Phishing On An Organization, Brad Wardman
Assessing The Gap: Measure The Impact Of Phishing On An Organization, Brad Wardman
Annual ADFSL Conference on Digital Forensics, Security and Law
Phishing has become one of the most recognized words associated with cybercrime. As more organizations are being targeted by phishing campaigns, there are more options within the industry to deter such attacks. However, there is little research into how much damage these campaigns are causing organizations. This paper will show how financial organizations can be impacted by phishing and present a method for accurately quantifying resultant monetary losses. The methodology presented in this paper can be adapted to other organizations in order to quantify phishing losses across industries.
Keywords: phishing, cybercrime, economics
Sim Card Forensics: Digital Evidence, Nada Ibrahim, Nuha Al Naqbi, Farkhund Iqbal, Omar Alfandi
Sim Card Forensics: Digital Evidence, Nada Ibrahim, Nuha Al Naqbi, Farkhund Iqbal, Omar Alfandi
Annual ADFSL Conference on Digital Forensics, Security and Law
With the rapid evolution of the smartphone industry, mobile device forensics has become essential in cybercrime investigation. Currently, evidence forensically-retrieved from a mobile device is in the form of call logs, contacts, and SMSs; a mobile forensic investigator should also be aware of the vast amount of user data and network information that are stored in the mobile SIM card such as ICCID, IMSI, and ADN. The aim of this study is to test various forensic tools to effectively gather critical evidence stored on the SIM card. In the first set of experiments, we compare the selected forensic tools in …
Wban Security Management In Healthcare Enterprise Environments, Karina Bahena, Manghui Tu
Wban Security Management In Healthcare Enterprise Environments, Karina Bahena, Manghui Tu
Annual ADFSL Conference on Digital Forensics, Security and Law
As healthcare data are pushed online, consumers have raised big concerns on the breach of their personal information. Law and regulations have placed businesses and public organizations under obligations to take actions to prevent such data breaches. Various vulnerabilities have been identified in healthcare enterprise environments, in which the Wireless Body Area Networks (WBAN) remains to be a major vulnerability, which can be easily taken advantage of by determined adversaries. Thus, vulnerabilities of WBAN systems and the effective countermeasure mechanisms to secure WBAN are urgently needed. In this research, first, the architecture of WBAN system has been explored, and the …
Reverse Engineering A Nit That Unmasks Tor Users, Matthew Miller, Joshua Stroschein, Ashley Podhradsky
Reverse Engineering A Nit That Unmasks Tor Users, Matthew Miller, Joshua Stroschein, Ashley Podhradsky
Annual ADFSL Conference on Digital Forensics, Security and Law
This paper is a case study of a forensic investigation of a Network Investigative Technique (NIT) used by the FBI to deanonymize users of a The Onion Router (Tor) Hidden Service. The forensic investigators were hired by the defense to determine how the NIT worked. The defendant was ac- cused of using a browser to access illegal information. The authors analyzed the source code, binary files and logs that were used by the NIT. The analysis was used to validate that the NIT collected only necessary and legally authorized information. This paper outlines the publicly available case details, how the …
Forensics Analysis Of Privacy Of Portable Web Browsers, Ahmad Ghafarian
Forensics Analysis Of Privacy Of Portable Web Browsers, Ahmad Ghafarian
Annual ADFSL Conference on Digital Forensics, Security and Law
Web browser vendors offer a portable web browser option which is considered as one of the features that provides user privacy. Portable web browser is a browser that can be launched from a USB flash drive without the need for its installation on the host machine. Most popular web browsers have portable versions of their browsers as well. Portable web browsing poses a great challenge to computer forensic investigators who try to reconstruct the past browsing history, in case of any computer incidence. This research examines various sources in the host machine such as physical memory, temporary, recent, event files, …
Malware In The Mobile Device Android Environment, Diana Hintea, Robert Bird, Andrew Walker
Malware In The Mobile Device Android Environment, Diana Hintea, Robert Bird, Andrew Walker
Annual ADFSL Conference on Digital Forensics, Security and Law
exploit smartphone operating systems has exponentially expanded. Android has become the main target to exploit due to having the largest install base amongst the smartphone operating systems and owing to the open access nature in which application installations are permitted. Many Android users are unaware of the risks associated with a malware infection and to what level current malware scanners protect them. This paper tests how efficient the currently available malware scanners are. To achieve this, ten representative Android security products were selected and tested against a set of 5,560 known and categorized Android malware samples. The tests were carried …
Forensic Analysis Of Smartphone Applications For Privacy Leakage, Diana Hintea, Chrysanthi Taramonli, Robert Bird, Rezhna Yusuf
Forensic Analysis Of Smartphone Applications For Privacy Leakage, Diana Hintea, Chrysanthi Taramonli, Robert Bird, Rezhna Yusuf
Annual ADFSL Conference on Digital Forensics, Security and Law
Smartphone and tablets are personal devices that have diffused to near universal ubiquity in recent years. As Smartphone users become more privacy-aware and -conscious, research is needed to understand how “leakage” of private information (personally identifiable information – PII) occurs. This study explores how leakage studies in Droid devices should be adapted to Apple iOS devices. The OWASP Zed Attack Proxy (ZAP) is examined for 50 apps in various categories. This study confirms that: (1) most apps transmit unencrypted sensitive PII, (2) SSL is used by some recipient websites, but without corresponding app compliance with SSL, and (3) most apps …
Inferring Previously Uninstalled Applications From Residual Partial Artifacts, Jim Jones, Tahir Khan, Kathryn Laskey, Alex Nelson, Mary Laamanen, Douglas White
Inferring Previously Uninstalled Applications From Residual Partial Artifacts, Jim Jones, Tahir Khan, Kathryn Laskey, Alex Nelson, Mary Laamanen, Douglas White
Annual ADFSL Conference on Digital Forensics, Security and Law
In this paper, we present an approach and experimental results to suggest the past presence of an application after the application has been uninstalled and the system has remained in use. Current techniques rely on the recovery of intact artifacts and traces, e.g., whole files, Windows Registry entries, or log file entries, while our approach requires no intact artifact recovery and leverages trace evidence in the form of residual partial files. In the case of recently uninstalled applications or an instrumented infrastructure, artifacts and traces may be intact and complete. In most cases, however, digital artifacts and traces are al- …
One-Time Pad Encryption Steganography System, Michael J. Pelosi, Gary Kessler, Michael Scott S. Brown
One-Time Pad Encryption Steganography System, Michael J. Pelosi, Gary Kessler, Michael Scott S. Brown
Annual ADFSL Conference on Digital Forensics, Security and Law
In this paper we introduce and describe a novel approach to adaptive image steganography which is combined with One-Time Pad encryption, and demonstrate the software which implements this methodology. Testing using the state-of-the-art steganalysis software tool StegExpose concludes the image hiding is reliably secure and undetectable using reasonably-sized message payloads (≤25% message bits per image pixel; bpp). Payload image file format outputs from the software include PNG, BMP, JP2, JXR, J2K, TIFF, and WEBP. A variety of file output formats is empirically important as most steganalysis programs will only accept PNG, BMP, and possibly JPG, as the file inputs.
Keywords: …
Applying Grounded Theory Methods To Digital Forensics Research, Ahmed Almarzooqi, Andrew Jones, Richard Howley
Applying Grounded Theory Methods To Digital Forensics Research, Ahmed Almarzooqi, Andrew Jones, Richard Howley
Annual ADFSL Conference on Digital Forensics, Security and Law
Deciding on a suitable research methodology is challenging for researchers. In this paper, grounded theory is presented as a systematic and comprehensive qualitative methodology in the emergent field of digital forensics research. This paper applies grounded theory in a digital forensics research project undertaken to study how organisations build and manage digital forensics capabilities. This paper gives a step-by-step guideline to explain the procedures and techniques of using grounded theory in digital forensics research. The paper gives a detailed explanation of how the three grounded theory coding methods (open, axial, and selective coding) can be used in digital forensics research. …
Covert6: A Tool To Corroborate The Existence Of Ipv6 Covert Channels, Raymond A. Hansen, Lourdes Gino, Dominic Savio
Covert6: A Tool To Corroborate The Existence Of Ipv6 Covert Channels, Raymond A. Hansen, Lourdes Gino, Dominic Savio
Annual ADFSL Conference on Digital Forensics, Security and Law
Covert channels are any communication channel that can be exploited to transfer information in a manner that violates the system’s security policy. Research in the field has shown that, like many communication channels, IPv4 and the TCP/IP protocol suite have been susceptible to covert channels, which could be exploited to leak data or be used for anonymous communications. With the introduction of IPv6, researchers are acutely aware that many vulnerabilities of IPv4 have been remediated in IPv6. However, a proof of concept covert channel system was demonstrated in 2006. A decade later, IPv6 and its related protocols have undergone major …
Acceleration Of Statistical Detection Of Zero-Day Malware In The Memory Dump Using Cuda-Enabled Gpu Hardware, Igor Korkin, Iwan Nesterow
Acceleration Of Statistical Detection Of Zero-Day Malware In The Memory Dump Using Cuda-Enabled Gpu Hardware, Igor Korkin, Iwan Nesterow
Annual ADFSL Conference on Digital Forensics, Security and Law
This paper focuses on the anticipatory enhancement of methods of detecting stealth software. Cyber security detection tools are insufficiently powerful to reveal the most recent cyber-attacks which use malware. In this paper, we will present first an idea of the highest stealth malware, as this is the most complicated scenario for detection because it combines both existing anti-forensic techniques together with their potential improvements. Second, we will present new detection methods which are resilient to this hidden prototype. To help solve this detection challenge, we have analyzed Windows’ memory content using a new method of Shannon Entropy calculation; methods of …
Using Computer Behavior Profiles To Differentiate Between Users In A Digital Investigation, Shruti Gupta, Marcus Rogers
Using Computer Behavior Profiles To Differentiate Between Users In A Digital Investigation, Shruti Gupta, Marcus Rogers
Annual ADFSL Conference on Digital Forensics, Security and Law
Most digital crimes involve finding evidence on the computer and then linking it to a suspect using login information, such as a username and a password. However, login information is often shared or compromised. In such a situation, there needs to be a way to identify the user without relying exclusively on login credentials. This paper introduces the concept that users may show behavioral traits which might provide more information about the user on the computer. This hypothesis was tested by conducting an experiment in which subjects were required to perform common tasks on a computer, over multiple sessions. The …
Current Challenges And Future Research Areas For Digital Forensic Investigation, David Lillis, Brett A. Becker, Tadhg O’Sullivan, Mark Scanlon
Current Challenges And Future Research Areas For Digital Forensic Investigation, David Lillis, Brett A. Becker, Tadhg O’Sullivan, Mark Scanlon
Annual ADFSL Conference on Digital Forensics, Security and Law
Given the ever-increasing prevalence of technology in modern life, there is a corresponding increase in the likelihood of digital devices being pertinent to a criminal investigation or civil litigation. As a direct consequence, the number of investigations requiring digital forensic expertise is resulting in huge digital evidence backlogs being encountered by law enforcement agencies throughout the world. It can be anticipated that the number of cases requiring digital forensic analysis will greatly increase in the future. It is also likely that each case will require the analysis of an increasing number of devices including computers, smartphones, tablets, cloud-based services, Internet …
Forensic Analysis Of Ares Galaxy Peer-To-Peer Network, Frank Kolenbrander, Nhien-An Le-Khac, Tahar Kechadi
Forensic Analysis Of Ares Galaxy Peer-To-Peer Network, Frank Kolenbrander, Nhien-An Le-Khac, Tahar Kechadi
Annual ADFSL Conference on Digital Forensics, Security and Law
Child Abuse Material (CAM) is widely available on P2P networks. Over the last decade several tools were made for 24/7 monitoring of peer-to-peer (P2P) networks to discover suspects that use these networks for downloading and distribution of CAM. For some countries the amount of cases generated by these tools is so great that Law Enforcement (LE) just cannot handle them all. This is not only leading to backlogs and prioritizing of cases but also leading to discussions about the possibility of disrupting these networks and sending warning messages to potential CAM offenders. Recently, investigators are reporting that they are creating …
Keynote Speaker, Chuck Easttom
Keynote Speaker, Chuck Easttom
Annual ADFSL Conference on Digital Forensics, Security and Law
Conference Keynote Speaker, Chuck Easttom