Open Access. Powered by Scholars. Published by Universities.®

Law Commons

Open Access. Powered by Scholars. Published by Universities.®

Legal Studies

PDF

Annual ADFSL Conference on Digital Forensics, Security and Law

Articles 1 - 30 of 169

Full-Text Articles in Law

Contents, Adfsl May 2018

Contents, Adfsl

Annual ADFSL Conference on Digital Forensics, Security and Law

No abstract provided.


Front Matter, Adfsl May 2018

Front Matter, Adfsl

Annual ADFSL Conference on Digital Forensics, Security and Law

No abstract provided.


Analysis Of Data Erasure Capability On Sshd Drives For Data Recovery, Andrew Blyth May 2018

Analysis Of Data Erasure Capability On Sshd Drives For Data Recovery, Andrew Blyth

Annual ADFSL Conference on Digital Forensics, Security and Law

Data Protection and Computer Forensics/Anti-Forensics has now become a critical area of concern for organizations. A key element to this is how data is sanitized at end of life. In this paper we explore Hybrid Solid State Hybrid Drives (SSHD) and the impact that various Computer Forensics and Data Recovery techniques have when performing data erasure upon a SSHD.


Knowledge Expiration In Security Awareness Training, Tianjian Zhang May 2018

Knowledge Expiration In Security Awareness Training, Tianjian Zhang

Annual ADFSL Conference on Digital Forensics, Security and Law

No abstract provided.


Positive Identification Of Lsb Image Steganography Using Cover Image Comparisons, Michael Pelosi, Nimesh Poudel, Pratap Lamichhane, Devon Lam, Gary Kessler, Joshua Macmonagle May 2018

Positive Identification Of Lsb Image Steganography Using Cover Image Comparisons, Michael Pelosi, Nimesh Poudel, Pratap Lamichhane, Devon Lam, Gary Kessler, Joshua Macmonagle

Annual ADFSL Conference on Digital Forensics, Security and Law

In this paper we introduce a new software concept specifically designed to allow the digital forensics professional to clearly identify and attribute instances of LSB image steganography by using the original cover image in side-by-side comparison with a suspected steganographic payload image. The “CounterSteg” software allows detailed analysis and comparison of both the original cover image and any modified image, using sophisticated bit- and color-channel visual depiction graphics. In certain cases, the steganographic software used for message transmission can be identified by the forensic analysis of LSB and other changes in the payload image. The paper demonstrates usage and typical ...


Exploring The Use Of Graph Databases To Catalog Artifacts For Client Forensics, Rose Shumba May 2018

Exploring The Use Of Graph Databases To Catalog Artifacts For Client Forensics, Rose Shumba

Annual ADFSL Conference on Digital Forensics, Security and Law

Cloud computing has revolutionized the methods by which digital data is stored, processed, and transmitted. It is providing users with data storage and processing services, enabling access to resources through multiple devices. Although organizations continue to embrace the advantages of flexibility and scalability offered by cloud computing, insider threats are becoming a serious concern as cited by security researchers. Insiders can use authorized access to steal sensitive information, calling for the need for an investigation. This concept paper describes research in progress towards developing a Neo4j graph database tool to enhance client forensics. The tool, with a Python interface, allows ...


Non-Use Of A Mobile Phone During Conducting Crime Can Also Be Evidential, Vinod Polpaya Bhattathiripad Ph D May 2018

Non-Use Of A Mobile Phone During Conducting Crime Can Also Be Evidential, Vinod Polpaya Bhattathiripad Ph D

Annual ADFSL Conference on Digital Forensics, Security and Law

Cyber-clever criminals who are aware of the consequence of using mobile phones during conducting crimes often stay away from their phones while involved in crimes. Some of them even change their handset and SIM card, subsequently. This article looks into how, intentional disassociation (and even unintentional non-use) of mobile phone in (non-cyber) crimes, can become evidential clues of the perpetrators’ involvement in criminal acts. With the help of a recent judicial episode, this article reveals how extremely careful and masterful handling of extensive and voluminous Call Details Records and tower dumps by a cyber-savvy investigating official can unearth evidential clues ...


Forensic Analysis Of The Exfat Artifacts, Yves Vandermeer, An Lekhac, Tahar Kechadi, Joe Carthy May 2018

Forensic Analysis Of The Exfat Artifacts, Yves Vandermeer, An Lekhac, Tahar Kechadi, Joe Carthy

Annual ADFSL Conference on Digital Forensics, Security and Law

Although keeping some basic concepts inherited from FAT32, the exFAT file system introduces many differences, such as the new mapping scheme of directory entries. The combination of exFAT mapping scheme with the allocation of bitmap files and the use of FAT leads to new forensic possibilities. The recovery of deleted files, including fragmented ones and carving becomes more accurate compared with former forensic processes. Nowadays, the accurate and sound forensic analysis is more than ever needed, as there is a high risk of erroneous interpretation. Indeed, most of the related work in the literature on exFAT structure and forensics, is ...


Live Gpu Forensics: The Process Of Recovering Video Frames From Nvidia Gpu, Yazeed M. Albabtain, Baijian Yang May 2018

Live Gpu Forensics: The Process Of Recovering Video Frames From Nvidia Gpu, Yazeed M. Albabtain, Baijian Yang

Annual ADFSL Conference on Digital Forensics, Security and Law

The purpose of this research is to apply a graphics processing unit (GPU) forensics method to recover video artifacts from NVIDIA GPU. The tested video specs are 512 x 512 in resolution for video 1 and 800 x 600 in resolution for video 2. Both videos are mpeg4 video codec. A VLC player was used in the experiment. A special program has been developed using OpenCL to recover 1) patterns that are frames consist of pixel values and 2) dump data from the GPU global memory. The dump data that represent the video frame were located using simple steps. The ...


Unmanned Aerial Vehicle Forensic Investigation Process: Dji Phantom 3 Drone As A Case Study, Alan Roder, Kim-Kwang Raymond Choo, Nhien-A Le-Khac May 2018

Unmanned Aerial Vehicle Forensic Investigation Process: Dji Phantom 3 Drone As A Case Study, Alan Roder, Kim-Kwang Raymond Choo, Nhien-A Le-Khac

Annual ADFSL Conference on Digital Forensics, Security and Law

Drones (also known as Unmanned Aerial Vehicles – UAVs) are a potential source of evidence in a digital investigation, partly due to their increasing popularity in our society. However, existing UAV/drone forensics generally rely on conventional digital forensic investigation guidelines such as those of ACPO and NIST, which may not be entirely fit-for-purpose. In this paper, we identify the challenges associated with UAV/drone forensics. We then explore and evaluate existing forensic guidelines, in terms of their effectiveness for UAV/drone forensic investigations. Next, we present our set of guidelines for UAV/drone investigations. Finally, we demonstrate how the proposed ...


Detection And Recovery Of Anti-Forensic (Vault) Applications On Android Devices, Michaila Duncan, Umit Karabiyik May 2018

Detection And Recovery Of Anti-Forensic (Vault) Applications On Android Devices, Michaila Duncan, Umit Karabiyik

Annual ADFSL Conference on Digital Forensics, Security and Law

Significant number of mobile device users currently employ anti-forensics applications, also known as vault or locker applications, on their mobile devices in order to hide files such as photos. Because of this, investigators are required to spend a large portion of their time manually looking at the applications installed on the device. Currently, there is no automated method of detecting these anti-forensics applications on an Android device. This work presents the creation and testing of a vault application detection system to be used on Android devices. The main goal of this work is twofold: (i) Detecting and reporting the presence ...


Back Matter, Adfsl Feb 2018

Back Matter, Adfsl

Annual ADFSL Conference on Digital Forensics, Security and Law

No abstract provided.


Front Matter, Adfsl Feb 2018

Front Matter, Adfsl

Annual ADFSL Conference on Digital Forensics, Security and Law

No abstract provided.


Contents, Adfsl Feb 2018

Contents, Adfsl

Annual ADFSL Conference on Digital Forensics, Security and Law

No abstract provided.


Exploring Digital Evidence With Graph Theory, Imani Palmer, Boris Gelfand, Roy Campbell May 2017

Exploring Digital Evidence With Graph Theory, Imani Palmer, Boris Gelfand, Roy Campbell

Annual ADFSL Conference on Digital Forensics, Security and Law

The analysis phase of the digital forensic process is the most complex. The analysis phase remains very subjective to the views of the forensic practitioner. There are many tools dedicated to assisting the investigator during the analysis process. However, they do not address the challenges. Digital forensics is in need of a consistent approach to procure the most judicious conclusions from the digital evidence. The objective of this paper is to discuss the ability of graph theory, a study of related mathematical structures, to aid in the analysis phase of the digital forensic process. We develop a graph-based representation of ...


Case Study: A New Method For Investigating Crimes Against Children, Hallstein Asheim Hansen, Stig Andersen, Stefan Axelsson, Svein Hopland May 2017

Case Study: A New Method For Investigating Crimes Against Children, Hallstein Asheim Hansen, Stig Andersen, Stefan Axelsson, Svein Hopland

Annual ADFSL Conference on Digital Forensics, Security and Law

Investigations of crimes against children are often complex, both in terms of the varied and large amount of digital technology encountered and the offensive nature of the crimes. Such cases are numerous, large, and prioritised, requiring digital forensics competence. Earlier digital forensics was considered and treated as a typical forensic science like fingerprint analysis, performed in a laboratory isolated from the investigative team. This decoupled way of working has proved to be both inefficient and error prone.

At the Digital Forensic Unit of Oslo Police District we have developed a new way of working that addresses many of the problems ...


Downstream Competence Challenges And Legal/Ethical Risks In Digital Forensics, Michael M. Losavio, Antonio Losavio May 2017

Downstream Competence Challenges And Legal/Ethical Risks In Digital Forensics, Michael M. Losavio, Antonio Losavio

Annual ADFSL Conference on Digital Forensics, Security and Law

Forensic practice is an inherently human-mediated system, from processing and collection of evidence to presentation and judgment. This requires attention to human factors and risks which can lead to incorrect judgments and unjust punishments.

For digital forensics, such challenges are magnified by the relative newness of the discipline and the use of electronic evidence in forensic proceedings. Traditional legal protections, rules of procedure and ethics rules mitigate these challenges. Application of those traditions better ensures forensic findings are reliable. This has significant consequences where findings may impact a person's liberty or property, a person's life or even the ...


Understanding Deleted File Decay On Removable Media Using Differential Analysis, James H. Jones Jr, Anurag Srivastava, Josh Mosier, Connor Anderson, Seth Buenafe May 2017

Understanding Deleted File Decay On Removable Media Using Differential Analysis, James H. Jones Jr, Anurag Srivastava, Josh Mosier, Connor Anderson, Seth Buenafe

Annual ADFSL Conference on Digital Forensics, Security and Law

Digital content created by picture recording devices is often stored internally on the source device, on either embedded or removable media. Such storage media is typically limited in capacity and meant primarily for interim storage of the most recent image files, and these devices are frequently configured to delete older files as necessary to make room for new files. When investigations involve such devices and media, it is sometimes these older deleted files that would be of interest. It is an established fact that deleted file content may persist in part or in its entirety after deletion, and identifying the ...


Development Of A Professional Code Of Ethics In Digital Forensics, Kathryn C. Seigfried-Spellar, Marcus Rogers, Danielle M. Crimmins 2184089 May 2017

Development Of A Professional Code Of Ethics In Digital Forensics, Kathryn C. Seigfried-Spellar, Marcus Rogers, Danielle M. Crimmins 2184089

Annual ADFSL Conference on Digital Forensics, Security and Law

Academics, government officials, and practitioners suggest the field of digital forensics is in need of a professional code of ethics. In response to this need, the authors developed and proposed a professional code of ethics in digital forensics. The current paper will discuss the process of developing the professional code of ethics, which included four sets of revisions based on feedback and suggestions provided by members of the digital forensic community. The final version of the Professional Code of Ethics in Digital Forensics includes eight statements, and we hope this is a step toward unifying the field of digital forensics ...


Harnessing Predictive Models For Assisting Network Forensic Investigations Of Dns Tunnels, Irvin Homem, Panagiotis Papapetrou May 2017

Harnessing Predictive Models For Assisting Network Forensic Investigations Of Dns Tunnels, Irvin Homem, Panagiotis Papapetrou

Annual ADFSL Conference on Digital Forensics, Security and Law

In recent times, DNS tunneling techniques have been used for malicious purposes, however network security mechanisms struggle to detect them. Network forensic analysis has been proven effective, but is slow and effort intensive as Network Forensics Analysis Tools struggle to deal with undocumented or new network tunneling techniques. In this paper, we present a machine learning approach, based on feature subsets of network traffic evidence, to aid forensic analysis through automating the inference of protocols carried within DNS tunneling techniques. We explore four network protocols, namely, HTTP, HTTPS, FTP, and POP3. Three features are extracted from the DNS tunneled traffic ...


Designing Laboratories For Small Scale Digital Device Forensics, Richard P. Mislan, Tim Wedge Oct 2016

Designing Laboratories For Small Scale Digital Device Forensics, Richard P. Mislan, Tim Wedge

Annual ADFSL Conference on Digital Forensics, Security and Law

The ubiquity of small scale digital devices (SSDD), the public’s ever increasing societal dependence on SSDD, and the continual presence of SSDD at all types of crime scenes, including non-technical and violent crimes, demand a formalized curriculum for the education and training of future cyber forensic examiners. This paper presents the various SSDD forensics labs currently in use and under development for future use at the Purdue University Cyber Forensics Laboratory. The primary objective of each module is to provide specific real-world cases for the learning, comprehension, and understanding of hands-on investigative techniques and methodologies. The purpose of this ...


Network Forensic Investigation Of Internal Misuse/Crime In Saudi Arabia: A Hacking Case, Abdulrazaq Al-Murjan, Konstantinos Xynos Oct 2016

Network Forensic Investigation Of Internal Misuse/Crime In Saudi Arabia: A Hacking Case, Abdulrazaq Al-Murjan, Konstantinos Xynos

Annual ADFSL Conference on Digital Forensics, Security and Law

There are ad-hoc guidelines and a limited policy on computer incident response that does not include computer forensic preparation procedures (e.g. logging incidents). In addition, these guidelines do not consider the requirement of Islamic law for admissible evidence at an organisational level in Saudi Arabia. Network forensic investigation might breach the Saudi law if they follow ad-hoc or international digital forensic standards such as Association of Chief Police Officers (ACPO) guidelines. This might put the organisation in a costly situation when a malicious employee sues an Islamic court. This is because the law of Saudi Arabia is complying with ...


Paper Session Ii: Computer Forensics Field Triage Process Model, Marcus K. Rogers, James Goldman, Rick Mislan, Timothy Wedge, Steve Debrota Oct 2016

Paper Session Ii: Computer Forensics Field Triage Process Model, Marcus K. Rogers, James Goldman, Rick Mislan, Timothy Wedge, Steve Debrota

Annual ADFSL Conference on Digital Forensics, Security and Law

With the proliferation of digital based evidence, the need for the timely identification, analysis and interpretation of digital evidence is becoming more crucial. In many investigations critical information is required while at the scene or within a short period of time - measured in hours as opposed to days. The traditional cyber forensics approach of seizing a system(s)/media, transporting it to the lab, making a forensic image(s), and then searching the entire system for potential evidence, is no longer appropriate in some circumstances. In cases such as child abductions, pedophiles, missing or exploited persons, time is of the ...


Development Of A National Repository Of Digital Forensic Intelligence, Mark Weiser, David P. Biros, Greg Mosier Oct 2016

Development Of A National Repository Of Digital Forensic Intelligence, Mark Weiser, David P. Biros, Greg Mosier

Annual ADFSL Conference on Digital Forensics, Security and Law

Many people do all of their banking online, we and our children communicate with peers through computer systems, and there are many jobs that require near continuous interaction with computer systems. Criminals, however, are also “connected”, and our online interaction provides them a conduit into our information like never before. Our credit card numbers and other fiscal information are at risk, our children's personal information is exposed to the world, and our professional reputations are on the line.

The discipline of Digital Forensics in law enforcement agencies around the nation and world has grown to match the increased risk ...


Designing A Data Warehouse For Cyber Crimes, Il-Yeol Song, John D. Maguire, Ki Jung Lee, Namyoun Choi, Xiaohua Hu, Peter Chen Oct 2016

Designing A Data Warehouse For Cyber Crimes, Il-Yeol Song, John D. Maguire, Ki Jung Lee, Namyoun Choi, Xiaohua Hu, Peter Chen

Annual ADFSL Conference on Digital Forensics, Security and Law

One of the greatest challenges facing modern society is the rising tide of cyber crimes. These crimes, since they rarely fit the model of conventional crimes, are difficult to investigate, hard to analyze, and difficult to prosecute. Collecting data in a unified framework is a mandatory step that will assist the investigator in sorting through the mountains of data. In this paper, we explore designing a dimensional model for a data warehouse that can be used in analyzing cyber crime data. We also present some interesting queries and the types of cyber crime analyses that can be performed based on ...


Assessing The Gap: Measure The Impact Of Phishing On An Organization, Brad Wardman May 2016

Assessing The Gap: Measure The Impact Of Phishing On An Organization, Brad Wardman

Annual ADFSL Conference on Digital Forensics, Security and Law

Phishing has become one of the most recognized words associated with cybercrime. As more organizations are being targeted by phishing campaigns, there are more options within the industry to deter such attacks. However, there is little research into how much damage these campaigns are causing organizations. This paper will show how financial organizations can be impacted by phishing and present a method for accurately quantifying resultant monetary losses. The methodology presented in this paper can be adapted to other organizations in order to quantify phishing losses across industries.

Keywords: phishing, cybercrime, economics


Sim Card Forensics: Digital Evidence, Nada Ibrahim, Nuha Al Naqbi, Farkhund Iqbal, Omar Alfandi May 2016

Sim Card Forensics: Digital Evidence, Nada Ibrahim, Nuha Al Naqbi, Farkhund Iqbal, Omar Alfandi

Annual ADFSL Conference on Digital Forensics, Security and Law

With the rapid evolution of the smartphone industry, mobile device forensics has become essential in cybercrime investigation. Currently, evidence forensically-retrieved from a mobile device is in the form of call logs, contacts, and SMSs; a mobile forensic investigator should also be aware of the vast amount of user data and network information that are stored in the mobile SIM card such as ICCID, IMSI, and ADN. The aim of this study is to test various forensic tools to effectively gather critical evidence stored on the SIM card. In the first set of experiments, we compare the selected forensic tools in ...


Wban Security Management In Healthcare Enterprise Environments, Karina Bahena, Manghui Tu May 2016

Wban Security Management In Healthcare Enterprise Environments, Karina Bahena, Manghui Tu

Annual ADFSL Conference on Digital Forensics, Security and Law

As healthcare data are pushed online, consumers have raised big concerns on the breach of their personal information. Law and regulations have placed businesses and public organizations under obligations to take actions to prevent such data breaches. Various vulnerabilities have been identified in healthcare enterprise environments, in which the Wireless Body Area Networks (WBAN) remains to be a major vulnerability, which can be easily taken advantage of by determined adversaries. Thus, vulnerabilities of WBAN systems and the effective countermeasure mechanisms to secure WBAN are urgently needed. In this research, first, the architecture of WBAN system has been explored, and the ...


Reverse Engineering A Nit That Unmasks Tor Users, Matthew Miller, Joshua Stroschein, Ashley Podhradsky May 2016

Reverse Engineering A Nit That Unmasks Tor Users, Matthew Miller, Joshua Stroschein, Ashley Podhradsky

Annual ADFSL Conference on Digital Forensics, Security and Law

This paper is a case study of a forensic investigation of a Network Investigative Technique (NIT) used by the FBI to deanonymize users of a The Onion Router (Tor) Hidden Service. The forensic investigators were hired by the defense to determine how the NIT worked. The defendant was ac- cused of using a browser to access illegal information. The authors analyzed the source code, binary files and logs that were used by the NIT. The analysis was used to validate that the NIT collected only necessary and legally authorized information. This paper outlines the publicly available case details, how the ...


Forensics Analysis Of Privacy Of Portable Web Browsers, Ahmad Ghafarian May 2016

Forensics Analysis Of Privacy Of Portable Web Browsers, Ahmad Ghafarian

Annual ADFSL Conference on Digital Forensics, Security and Law

Web browser vendors offer a portable web browser option which is considered as one of the features that provides user privacy. Portable web browser is a browser that can be launched from a USB flash drive without the need for its installation on the host machine. Most popular web browsers have portable versions of their browsers as well. Portable web browsing poses a great challenge to computer forensic investigators who try to reconstruct the past browsing history, in case of any computer incidence. This research examines various sources in the host machine such as physical memory, temporary, recent, event files ...