Open Access. Powered by Scholars. Published by Universities.®

Law Commons

Annual ADFSL Conference on Digital Forensics, Security and Law

2012

Full-Text Articles in Law

Digital Evidence Education In Schools Of Law, Aaron Alva, Barbara Endicott-Popovsky May 2012

Annual ADFSL Conference on Digital Forensics, Security and Law

An examination of State of Connecticut v. Julie Amero provides insight into how a general lack of understanding of digital evidence can cause an innocent defendant to be wrongfully convicted. By contrast, the 101-page opinion in Lorraine v. Markel American Insurance Co. provides legal precedence and a detailed consideration for the admission of digital evidence. An analysis of both cases leads the authors to recommend additions to Law School curricula designed to raise the awareness of the legal community to ensure such travesties of justice, as in the Amero case, don’t occur in the future. Work underway at the University …


After Five Years Of E-Discovery Missteps: Sanctions Or Safe Harbor?, Milton Luoma, Vicki Luoma May 2012

Annual ADFSL Conference on Digital Forensics, Security and Law

In 2003 the Zubulake case became the catalyst of change in the world of e-discovery. In that case Judge Shira Scheindlin of the United States District Court for the Southern District of New York set guidelines for e-discovery that served as the basis for amending the Federal Rules of Civil Procedure (FRCP) in December 2006. The amendments incorporated a number of concepts that were described by Judge Scheindlin in the Zubulake case (Zubulake v. UBS Warburg LLC, 2003). Since the Zubulake case and the FRCP amendments, numerous cases have interpreted these rules changes, but one of the main points …


A Case Study Of The Challenges Of Cyber Forensics Analysis Of Digital Evidence In A Child Pornography Trial, Richard Boddington May 2012

Annual ADFSL Conference on Digital Forensics, Security and Law

Perfunctory case analysis, lack of evidence validation, and an inability or unwillingness to present understandable analysis reports adversely affect the outcome course of legal trials reliant on digital evidence. These issues have serious consequences for defendants facing heavy penalties or imprisonment yet expect their defence counsel to have clear understanding of the evidence. Poorly reasoned, validated and presented digital evidence can result in conviction of the innocent as well as acquittal of the guilty. A possession of child pornography Case Study highlights the issues that appear to plague case analysis and presentation of digital evidence relied on in these odious …


Facilitating Forensics In The Mobile Millennium Through Proactive Enterprise Security, Andrew R. Scholnick May 2012

Annual ADFSL Conference on Digital Forensics, Security and Law

This work explores the impact of the emerging mobile communication device paradigm on the security-conscious enterprise, with regard to providing insights for proactive Information Assurance and facilitation of eventual Forensic analysis. Attention is given to technology evolution in the areas of best practices, attack vectors, software and hardware performance, access and activity monitoring, and architectural models.

Keywords: Forensics, enterprise security, mobile communication, best practices, attack vectors.


Multi-Parameter Sensitivity Analysis Of A Bayesian Network From A Digital Forensic Investigation, Richard E. Overill, Echo P. Zhang, Kam-Pui Chow May 2012

Annual ADFSL Conference on Digital Forensics, Security and Law

A multi-parameter sensitivity analysis of a Bayesian network (BN) used in the digital forensic investigation of the Yahoo! email case has been performed using the principle of ‘steepest gradient’ in the parameter space of the conditional probabilities. This procedure delivers a more reliable result for the dependence of the posterior probability of the BN on the values used to populate the conditional probability tables (CPTs) of the BN. As such, this work extends our previous studies using single-parameter sensitivity analyses of BNs, with the overall aim of more deeply understanding the indicative use of BNs within the digital forensic and …


Ipad2 Logical Acquisition: Automated Or Manual Examination?, Somaya Ali, Sumaya Alhosani, Farah Alzarooni, Ibrahim Baggili May 2012

Annual ADFSL Conference on Digital Forensics, Security and Law

Due to their usage increase worldwide, iPads are on the path of becoming key sources of digital evidence in criminal investigations. This research investigated the logical backup acquisition and examination of the iPad2 device using the Apple iTunes backup utility while manually examining the backup data (manual examination) and automatically parsing the backup data (Lantern software - automated examination). The results indicate that a manual examination of the logical backup structure from iTunes reveals more digital evidence, especially if installed application data is required for an investigation. However, the researchers note that if a quick triage is needed of an …


Cloud Forensics Investigation: Tracing Infringing Sharing Of Copyrighted Content In Cloud, Yi-Jun He, Echo P. Zhang, Lucas C.K. Hui, Siu Ming Yiu, K.P. Chow May 2012

Annual ADFSL Conference on Digital Forensics, Security and Law

Cloud Computing is becoming a significant technology trend nowadays, but its abrupt rise also creates a brand new front for cybercrime investigation with various challenges. One of the challenges is to track down infringing sharing of copyrighted content in cloud. To solve this problem, we study a typical type of content sharing technologies in cloud computing, analyze the challenges that the new technologies bring to forensics, formalize a procedure to get digital evidences and obtain analytical results based on the evidences to track down illegal uploader. Furthermore, we propose a reasoning model based on the probability distribution in a Bayesian …


A Fuzzy Hashing Approach Based On Random Sequences And Hamming Distance, Frank Breitinger, Harald Baier May 2012

Annual ADFSL Conference on Digital Forensics, Security and Law

Hash functions are well-known methods in computer science to map arbitrarily large input to bit strings of a fixed length that serve as unique input identifier/fingerprints. A key property of cryptographic hash functions is that even if only one bit of the input is changed the output behaves pseudo randomly and therefore similar files cannot be identified. However, in the area of computer forensics it is also necessary to find similar files (e.g. different versions of a file), wherefore we need a similarity preserving hash function also called fuzzy hash function. In this paper we present a new approach for …


The Xbox 360 And Steganography: How Criminals And Terrorists Could Be "Going Dark", Ashley Podhradsky, Rob D’Ovidio, Cindy Casey May 2012

Annual ADFSL Conference on Digital Forensics, Security and Law

Video game consoles have evolved from single-player embedded systems with rudimentary processing and graphics capabilities to multipurpose devices that provide users with parallel functionality to contemporary desktop and laptop computers. Besides offering video games with rich graphics and multiuser network play, today's gaming consoles give users the ability to communicate via email, video and text chat; transfer pictures, videos, and files; and surf the World-Wide-Web. These communication capabilities have, unfortunately, been exploited by people to plan and commit a variety of criminal activities. In an attempt to cover the digital tracks of these unlawful undertakings, anti-forensic techniques, such as steganography, …


Toward Alignment Between Communities Of Practice And Knowledge-Based Decision Support, Jason Nichols, David Biros, Mark Weiser May 2012

Annual ADFSL Conference on Digital Forensics, Security and Law

The National Repository of Digital Forensics Information (NRDFI) is a knowledge repository for law enforcement digital forensics investigators (LEDFI). Over six years, the NRDFI has undertaken significant design revisions in order to more closely align the architecture of the system with theory addressing motivation to share knowledge and communication within ego-centric groups and communities of practice. These revisions have been met with minimal change in usage patterns by LEDFI community members, calling into question the applicability of relevant theory when the domain for knowledge sharing activities expands beyond the confines of an individual organization to a community of practice. When …


Double-Compressed Jpeg Detection In A Steganalysis System, Jennifer L. Davidson, Pooja Parajape May 2012

Annual ADFSL Conference on Digital Forensics, Security and Law

The detection of hidden messages in JPEG images is a growing concern. Current detection of JPEG stego images must include detection of double compression: a JPEG image is double compressed if it has been compressed with one quality factor, uncompressed, and then re-compressed with a different quality factor. When detection of double compression is not included, erroneous detection rates are very high. The main contribution of this paper is to present an efficient double-compression detection algorithm that has relatively lower dimensionality of features and relatively lower computational time for the detection part, than current comparative classifiers. We use a model-based …


A Proposal For Incorporating Programming Blunder As Important Evidence In Abstraction-Filtration-Comparison Test, P. Vinod Bhattathiripad May 2012

Annual ADFSL Conference on Digital Forensics, Security and Law

This paper investigates an unexplored concept in Cyber Forensics, namely, a Programming Blunder. Programming Blunder is identified as a variable or a code segment or a field in a database table, which is hardly used or executed in the context of the application or the user’s functionality. Blunder genes can be found in many parts of any program. It is the contention of this paper that this phenomenon of blunders needs to be studied systematically from its very genetic origins to their surface realizations in contrast to bugs and flaws, especially in view of their importance in software copyright infringement …


Update On The State Of The Science Of Digital Evidence Examination, Fred Cohen May 2012

Annual ADFSL Conference on Digital Forensics, Security and Law

This paper updates previous work on the level of consensus in foundational elements of digital evidence examination. Significant consensus is found present only after definitions are made explicit, suggesting that, while there is a scientific agreement around some of the basic notions identified, the use of a common language is lacking.

Keywords: Digital forensics examination, terminology, scientific methodology, testability, validation, classification, scientific consensus