Open Access. Powered by Scholars. Published by Universities.®

Law Commons

Open Access. Powered by Scholars. Published by Universities.®

Legal Studies

PDF

Annual ADFSL Conference on Digital Forensics, Security and Law

Articles 151 - 169 of 169

Full-Text Articles in Law

The Case For Teaching Network Protocols To Computer Forensics Examiners, Gary C. Kessler, Matt Fasulo Apr 2007

The Case For Teaching Network Protocols To Computer Forensics Examiners, Gary C. Kessler, Matt Fasulo

Annual ADFSL Conference on Digital Forensics, Security and Law

Most computer forensics experts are well-versed in basic computer hardware technology, operating systems, common software applications, and computer forensics tools. And while many have rudimentary knowledge about the Internet and simple network-lookup tools, they are not trained in the analysis of network communication protocols and the use of packet sniffers. This paper describes digital forensics applications for network analysis and includes four case studies.

Keywords: computer forensics education, network forensics, protocol analysis


Do Current Erasure Programs Remove Evidence Of Bittorrent Activity?, Andrew Woodward, Craig Valli Apr 2007

Do Current Erasure Programs Remove Evidence Of Bittorrent Activity?, Andrew Woodward, Craig Valli

Annual ADFSL Conference on Digital Forensics, Security and Law

This research in progress aims to evaluate the effectiveness of commercial programs to erase traces of the use of BitTorrent software. The erasure programs MaxErase, P2PDoctor, Privacy Suite, Window Washer and R-Clean and Wipe were used on a machine that had used the BitTorrent client Azureus to download two torrent files. The drive was imaged and then searched for torrent files. The registry was also examined on the source machine. The program R-Clean and Wipe left evidence in both the registry and the image of the name and type of files that had been downloaded with this software. Of greater ...


Textbooks For Computer Forensic Courses: A Preliminary Study, Jigang Liu, Larry Gottschalk, Kuodi Jian Apr 2007

Textbooks For Computer Forensic Courses: A Preliminary Study, Jigang Liu, Larry Gottschalk, Kuodi Jian

Annual ADFSL Conference on Digital Forensics, Security and Law

As computer forensics develops into one of the fastest-growing areas in the computer related fields, many universities and colleges are offering or are planning to offer a course in computer forensics. When instructors begin to develop a new course in the area, one of critical questions they would ask is what textbook should be used. To better answer the question, we conducted a study in which we tried to find which textbooks are being used in computer forensic courses. We believe that the results and analysis of our study will help instructors in choosing adequate textbooks for their new course ...


Towards Redaction Of Digital Information From Electronic Devices, Gavin W. Manes, Lance Watson, David Greer, Alex Barclay, John Hale Apr 2007

Towards Redaction Of Digital Information From Electronic Devices, Gavin W. Manes, Lance Watson, David Greer, Alex Barclay, John Hale

Annual ADFSL Conference on Digital Forensics, Security and Law

In the discovery portion of court proceedings, it is necessary to produce information to opposing counsel. Traditionally, this information is in paper form with all privileged information removed. Increasingly, the information requested during discovery exists in digital form and savvy counsel is requesting direct access to the original digital source: a broad spectrum of additional digital information can be often be extracted using digital forensics. This paper describes the major problems which must be solved to redact digital information from electronic devices. The primary hurdle facing digital redaction is the lack of a rational process for systematically handling encoded, encrypted ...


Investigating Information Structure Of Phishing Emails Based On Persuasive Communication Perspective, Ki Jung Lee, Il-Yeol Song Apr 2007

Investigating Information Structure Of Phishing Emails Based On Persuasive Communication Perspective, Ki Jung Lee, Il-Yeol Song

Annual ADFSL Conference on Digital Forensics, Security and Law

Current approaches of phishing filters depend on classifying messages based on textually discernable features such as IP-based URLs or domain names as those features that can be easily extracted from a given phishing message. However, in the same sense, those easily perceptible features can be easily manipulated by sophisticated phishers. Therefore, it is important that universal patterns of phishing messages should be identified for feature extraction to serve as a basis for text classification. In this paper, we demonstrate that user perception regarding phishing message can be identified in central and peripheral routes of information processing. We also present a ...


Teams Responsibilities For Digital Forensic Process, Salma Abdalla, Sherif Hazem, Sherif Hashem Apr 2007

Teams Responsibilities For Digital Forensic Process, Salma Abdalla, Sherif Hazem, Sherif Hashem

Annual ADFSL Conference on Digital Forensics, Security and Law

This paper presents a detailed digital forensics process model and the responsible teams to perform it. The discussed model presents three teams and a forensic leader who coordinate between the three teams; these teams are physical crime scene team, laboratory examination team and courtroom team. These teams are responsible of achieving the digital forensic model by applying five main phases which are preparation phase, physical forensics and investigation phase, digital forensics phase, reporting and presentation phase and closure phase.

Most of the existing models in this field are either theoretical that deals with data processing or based on a legal ...


The Gap Between Theory And Practice In Digital Forensics, Joseph C. Sremack Apr 2007

The Gap Between Theory And Practice In Digital Forensics, Joseph C. Sremack

Annual ADFSL Conference on Digital Forensics, Security and Law

Digital forensics is a young field that is being defined by the reactive nature of its development – in terms of both research and practice. As technology develops, digital forensics is forced to react and adapt. The rapid development of technology and the lack of an established theoretical foundation has led to a disconnect between the theory and practice of digital forensics. While the base theoretical issues are being worked on by researchers, practitioners are dealing with entirely new sets of issues. The complexity of investigations is increasing, and anti-forensics techniques are advancing as well. The disconnect will be resolved by ...


Guideline Model For Digital Forensic Investigation, Salma Abdalla, Sherif Hazem, Sherif Hashem Apr 2007

Guideline Model For Digital Forensic Investigation, Salma Abdalla, Sherif Hazem, Sherif Hashem

Annual ADFSL Conference on Digital Forensics, Security and Law

This paper proposes a detailed guideline model for digital forensics; the proposed model consists of five main phases, Preparation phase, Physical Forensics and Investigation Phase, Digital Forensics Phase, Reporting and Presentation Phase, and Closure Phase.

Most of the existing models in this field do not cover all aspects of digital forensic investigations, as they focus mainly on the processing of digital evidence or on the legal points. Although they gave good information to base on it a guide, but they are not detailed enough to describe fully the investigative process in a way that can be used by investigators during ...


New Federal Rules And Digital Evidence, Gavin W. Manes, Elizabeth Downing, Lance Watson, Christopher Thrutchley Apr 2007

New Federal Rules And Digital Evidence, Gavin W. Manes, Elizabeth Downing, Lance Watson, Christopher Thrutchley

Annual ADFSL Conference on Digital Forensics, Security and Law

The newly revised Federal Rules of Civil Procedure and developments under the Federal Rules of Evidence have a significant impact on the use, collection, and treatment of digital evidence for legal proceedings. The Rules now formally grant electronic documents and digital evidence the same status as paper and other forms of tangible evidence. As a result, the availability and proper preservation of potentially relevant electronic evidence must be considered, at the very latest, in the preliminary stages of litigation and, at the earliest, as soon as litigation is reasonably anticipated. It is important for professionals to be familiar with the ...


The General Digital Forensics Model, Steven Rigby, Marcus K. Rogers Apr 2007

The General Digital Forensics Model, Steven Rigby, Marcus K. Rogers

Annual ADFSL Conference on Digital Forensics, Security and Law

The lack of a graphical representation of all of the principles, processes, and phases necessary to carry out an digital forensic investigation is a key inhibitor to effective education in this newly emerging field of study. Many digital forensic models have been suggested for this purpose but they lack explanatory power as they are merely a collection of lists or one-dimensional figures. This paper presents a new multi-dimensional model, the General Digital Forensics Model (GDFM), that shows the relationships and inter-connectedness of the principles and processes needed within the domain of digital forensics.

Keywords: process model, computer forensics, expert learning ...


The Evolution Of Internet Legal Regulation In Addressing Crime And Terrorism, Murdoch Watney Apr 2007

The Evolution Of Internet Legal Regulation In Addressing Crime And Terrorism, Murdoch Watney

Annual ADFSL Conference on Digital Forensics, Security and Law

Internet regulation has evolved from self-regulation to the criminalization of conduct to state control of information available, accessed and submitted. Criticism has been leveled at the different forms of state control and the methods employed to enforce state control. After the terrorist attack on the USA on 11 September 2001, governments justify Internet state control as a law enforcement and national security tool against the abuse and misuse of the Internet for the commission of serious crimes, such as phishing, child pornography; terrorism and copyright infringement. Some Internet users and civil rights groups perceive state control as an abomination which ...


Monitoring And Surveillance In The Workplace: Lessons Learnt? – Investigating The International Legal Position, Verine Etsebeth Apr 2007

Monitoring And Surveillance In The Workplace: Lessons Learnt? – Investigating The International Legal Position, Verine Etsebeth

Annual ADFSL Conference on Digital Forensics, Security and Law

When considering the legal implications of monitoring and surveillance in the workplace, the question may be asked why companies deploy computer surveillance and monitoring in the first place. Several reasons may be put forward to justify why more than 80% of all major American firms monitor employee e-mails and Internet usage. However, what most companies forget is the fact that the absence or presence of monitoring and surveillance activities in a company holds serious legal consequences for companies. From the discussion in this paper it will become apparent that there is a vast difference in how most countries approach this ...


An Exploratory Analysis Of Computer Mediated Communications On Cyberstalking Severity, Stephen D. Barnes, David P. Biros Apr 2007

An Exploratory Analysis Of Computer Mediated Communications On Cyberstalking Severity, Stephen D. Barnes, David P. Biros

Annual ADFSL Conference on Digital Forensics, Security and Law

The interaction between disjunctive interpersonal relationships, those where the parties to the relationship disagree on the goals of the relationship, and the use of computer mediated communications channels is a relatively unexplored domain. Bargh (2002) suggests that CMC channels can amplify the development of interpersonal relationships, and notes that the effect is not constant across communications activities. This proposal suggests a line of research that explores the interaction between computer mediated communications (CMC) and stalking, which is a common form of disjunctive relationships. Field data from cyberstalking cases will be used to look at the effects of CMC channels on ...


Paper Session Iv: Development And Delivery Of Coursework - The Legal/Regulatory/Policy Environment Of Cyberforensics, John W. Bagby, John C. Ruhnka Apr 2006

Paper Session Iv: Development And Delivery Of Coursework - The Legal/Regulatory/Policy Environment Of Cyberforensics, John W. Bagby, John C. Ruhnka

Annual ADFSL Conference on Digital Forensics, Security and Law

This paper describes a cyber-forensics course that integrates important public policy and legal issues as well as relevant forensic techniques. Cyber-forensics refers to the amalgam of multi-disciplinary activities involved in the identification, gathering, handling, custody, use and security of electronic files and records, involving expertise from the forensic domain, and which produces evidence useful in the proof of facts for both commercial and legal activities. The legal and regulatory environment in which electronic discovery takes place is of critical importance to cyber-forensics experts because the legal process imposes both constraints and opportunities for the effective use of evidence gathered through ...


Paper Session V: Steganography And Terrorist Communications - Current Information And Trends - Tools, Analysis And Future Directions In Steganalysis In Context With Terrorists And Other Criminals, William Eyre, Marcus Rogers Apr 2006

Paper Session V: Steganography And Terrorist Communications - Current Information And Trends - Tools, Analysis And Future Directions In Steganalysis In Context With Terrorists And Other Criminals, William Eyre, Marcus Rogers

Annual ADFSL Conference on Digital Forensics, Security and Law

In ancient times, users communicated using steganography, “…derived from the Greek words steganos, meaning ‘covered’, and graphein, meaning ‘to write.’” (Singh, 1999, p.5) Steganography facilitates secret, undetected communication. In modern times, in the context of the Global War on Terror, national intelligence and law enforcement agencies need tools to detect hidden information (steganography) in various types of media, most specifically to uncover the placement of hidden information in images. This paper will look at steganography in general terms, presenting the theory of some common steganographic techniques and touching on some theoretical work in steganography. Then a discussion of how ...


Paper Session V: Forensic Software Tools For Cell Phone Subscriber Identity Modules, Wayne Jansen, Rick Ayers Apr 2006

Paper Session V: Forensic Software Tools For Cell Phone Subscriber Identity Modules, Wayne Jansen, Rick Ayers

Annual ADFSL Conference on Digital Forensics, Security and Law

Cell phones and other handheld devices incorporating cell phone capabilities (e.g., smart phones) are ubiquitous. Besides placing calls, cell phones allow users to perform other tasks such as text messaging and phonebook entry management. When cell phones and cellular devices are involved in a crime or other incident, forensic specialists require tools that allow the proper retrieval and speedy examination of data present on the device. For devices conforming to the Global System for Mobile Communications (GSM) standards, certain data such as dialed numbers, text messages, and phonebook entries are maintained on a Subscriber Identity Module (SIM). This paper ...


Paper Session Iv: Toward Understanding Digital Forensics As A Profession: Defining Curricular Needs (***Research In Process ***), Michelle Wolf, Alan Shafer, Michael Gendron Apr 2006

Paper Session Iv: Toward Understanding Digital Forensics As A Profession: Defining Curricular Needs (***Research In Process ***), Michelle Wolf, Alan Shafer, Michael Gendron

Annual ADFSL Conference on Digital Forensics, Security and Law

This research paper presents research in process which attempts to define the common body of knowledge (CBK) of digital forensics. Digital forensics is not well defined not does it have a generally accepted CBK. The first three phases of completed research, in a four-phase research process are discussed. The early results have created a preliminary CBK, and final validation is underway.


Paper Session Ii: Forensic Scene Documentation Using Mobile Technology, Ibrahim Baggili Apr 2006

Paper Session Ii: Forensic Scene Documentation Using Mobile Technology, Ibrahim Baggili

Annual ADFSL Conference on Digital Forensics, Security and Law

This paper outlines a framework for integrating forensic scene documentation with mobile technology. Currently there are no set standards for documenting a forensic scene. Nonetheless, there is a conceptual framework that forensic scientists and engineers use that includes note taking, scene sketches, photographs, video, and voice interview recordings. This conceptual framework will be the basis that a mobile forensic scene documentation software system is built on. A mobile software system for documenting a forensic scene may help in standardizing forensic scene documentation by regulating the data collection and documentation processes for various forensic disciplines.


Paper Session Iii: Research Brief: A Curriculum For Teaching Information Technology Investigative Techniques For Auditors, Grover S. Kearns, Elizabeth V. Mulig Apr 2006

Paper Session Iii: Research Brief: A Curriculum For Teaching Information Technology Investigative Techniques For Auditors, Grover S. Kearns, Elizabeth V. Mulig

Annual ADFSL Conference on Digital Forensics, Security and Law

Recent prosecutions of highly publicized white-collar crimes combined with public outrage have resulted in heightened regulation and greater emphasis on systems of internal control. Because both white-collar and cybercrimes are usually perpetrated through computers, auditors’ knowledge of information technology (IT) is now more vital than ever. However, preserving digital evidence and investigative techniques, which can be essential to fraud examinations, are not skills frequently taught in accounting programs. Furthermore, many students are not instructed in the use of computer assisted auditing tools and techniques – applications that might uncover fraudulent activity. Only a limited number of university-level accounting classes provide instruction ...