Computer Law Commons^™

Product Life Cycle Theory And The Maturation Of The Internet, Christopher S. Yoo

All Faculty Scholarship

Much of the recent debate over Internet policy has focused on the permissibility of business practices that are becoming increasingly common, such as new forms of network management, prioritization, pricing, and strategic partnerships. This Essay analyzes these developments through the lens of the management literature on the product life cycle, dominant designs, technological trajectories and design hierarchies, and the role of complementary assets in determining industry structure. This analysis suggests that many of these business practices may represent nothing more than a reflection of how the nature of competition changes as industries mature. This in turn suggests that network neutrality …

Public Consultations On Net Neutrality 2010: Usa, Eu And France, Sulan Wong, Julio Rojas Mora, Eitan Altman

Julio Rojas-Mora

The evolution of the Internet has come to a point where almost at the same time, governments all around the world feel the need for legislation to regulate the use of the Internet. In preparing the legislation, consultations were called by various governments or by the corresponding regulation bodies. We describe in this paper the various consultations as well as the background related to the Net Neutrality question in each case. Rather than describing the answers to each consultation, which are available and which have already been analyzed, we focus on comparing the consultations and the statistical figures related to …

Is The Internet A Maturing Market? If So, What Does That Imply?, Christopher S. Yoo

All Faculty Scholarship

Network providers are experimenting with a variety of new business arrangements. Some are offering specialized services the guarantee higher levels of quality of service those willing to pay for it. Others are entering into strategic partnerships that allocate more bandwidth to certain sources. Interestingly, a management literature exists suggesting that both developments may simply reflect the ways that the nature of competition and innovation can be expected as markets mature. The real question is not if the nature of competition and innovation will change, but rather when and how. This theory also suggests that policymakers should be careful not to …

Computer Forensics For Graduate Accountants: A Motivational Curriculum Design Approach, Grover S. Kearns

Annual ADFSL Conference on Digital Forensics, Security and Law

Computer forensics involves the investigation of digital sources to acquire evidence that can be used in a court of law. It can also be used to identify and respond to threats to hosts and systems. Accountants use computer forensics to investigate computer crime or misuse, theft of trade secrets, theft of or destruction of intellectual property, and fraud. Education of accountants to use forensic tools is a goal of the AICPA (American Institute of Certified Public Accountants). Accounting students, however, may not view information technology as vital to their career paths and need motivation to acquire forensic knowledge and skills. …

The Defiance College Undergraduate Major In Digital Forensic Science: Setting The Bar Higher, Gregg H. Gunsch

Annual ADFSL Conference on Digital Forensics, Security and Law

This paper provides background information to accompany the panel discussion on Curriculum Design and Implementation in Computer Forensics Education. It is specifically focused on the content and delivery of Defiance College’s undergraduate (B.S.) program majoring in Digital Forensic Science (DFS). The genesis and evolution of the Defiance College DFS program are described, along with its successes, challenges and known opportunities for improvement. The desired outcomes of the panel discussion include articulating the necessary components of an undergraduate program, refining expectations of knowledge and skills required of students upon graduation, and suggesting strategies for achieving those expectations despite inevitable resource limitations …

Digital Records Forensics: A New Science And Academic Program For Forensic Readiness, Luciana Duranti, Barbara Endicott-Popovsky

Annual ADFSL Conference on Digital Forensics, Security and Law

This paper introduces the Digital Records Forensics project, a research endeavour located at the University of British Columbia in Canada and aimed at the development of a new science resulting from the integration of digital forensics with diplomatics, archival science, information science and the law of evidence, and of an interdisciplinary graduate degree program, called Digital Records Forensics Studies, directed to professionals working for law enforcement agencies, legal firms, courts, and all kind of institutions and business that require their services. The program anticipates the need for organizations to become “forensically ready,” defined by John Tan as “maximizing the ability …

Canvass - A Steganalysis Forensic Tool For Jpeg Images, Jennifer L. Davidson, Jaikishan Jalan

Annual ADFSL Conference on Digital Forensics, Security and Law

Steganography is a way to communicate a message such that no one except the sender and recipient suspects the existence of the message. This type of covert communication lends itself to a variety of different purposes such as spy-to-spy communication, exchange of pornographic material hidden in innocuous image files, and other illicit acts. Computer forensic personnel have an interest in testing for possible steganographic files, but often do not have access to the technical and financial resources required to perform steganalysis in an effective manner. This paper describes the results of a funded effort by a grant from the National …

A Layered Framework Approach To Mitigate Crimeware, Mathew Nyamagwa

Annual ADFSL Conference on Digital Forensics, Security and Law

Crimeware attacks are growing at such an alarming rate and are becoming so prevalent that the FBI now rank cybercrime among its top priorities after terrorism and espionage. New studies estimate cyber crimes cost firms an astounding $1 trillion annually. But the good news? Over 80% of them are preventable. Crimeware is not a purely technical threat but more or a socio-technical affair. This clearly brings out the fact that computers do not commit a crime, but we (humans) do! In this paper I propose a layered approach that involves all stakeholders from end-users to service-providers and law enforcement to …

Measuring Whitespace Patterns As An Indication Of Plagiarism, Ilana Shay, Nikolaus Baer, Robert Zeidman

Annual ADFSL Conference on Digital Forensics, Security and Law

There are several different methods of comparing source code from different programs to find copying1 . Perhaps the most common method is comparing source code statements, comments, strings, identifiers, and instruction sequences. However, there are anecdotes about the use of whitespace patterns in code. These virtually invisible patterns of spaces and tabs have been used in litigation to imply copying, but no formal study has been performed that shows that these patterns can actually identify copied code. This paper presents a detailed study of whitespace patterns and the uniqueness of these patterns in different programs.

Keywords: Copyright Infringement, Intellectual Property, …

Electronic Discovery: A Fool’S Errand Where Angels Fear To Tread?, Milton Luoma, Vicki Luoma

Annual ADFSL Conference on Digital Forensics, Security and Law

Electronic discovery has transformed the discovery phase of civil litigation in recent years. The expectations of lawyers and parties were initially established in the Rowe and Zubulake cases that led to a complete revision of the electronic discovery rules contained in the Federal Rules of Civil Procedure. Subsequent cases have underscored the importance of document search methodologies and implications for attorneys, IT professionals, and digital forensics professionals. The authors review how electronic discovery has evolved thus far and offer recommendations regarding the electronic discovery process.

Keywords: Electronic discovery, e-discovery, keyword search, concept search,

Hard Disk Storage: Firmware Manipulation And Forensic Impact And Current Best Practice, Gareth Davies, Iain Sutherland

Annual ADFSL Conference on Digital Forensics, Security and Law

The most common form of storage media utilized in both commercial and domestic systems is the hard disk drive, consequently these devices feature heavily in digital investigations. Hard disk drives are a collection of complex components. These components include hardware and firmware elements that are essential for the effective operation of the drive. There are now a number of devices available, intended for data recovery, which can be used to manipulate the firmware components contained within the drive. It has been previously shown that it is possible to alter firmware for malicious purposes, either to conceal information or to prevent …

Social Networking: A Boon To Criminals, Tejashree D. Datar, Richard Mislan

Annual ADFSL Conference on Digital Forensics, Security and Law

With the world getting more and more digitized, social networking has also found a place in the cyber world. These social networking sites (SNSs) which enable people to socialize, and build and maintain relationships are attracting attention of all kinds of people such as teens, adults, sports persons, and even businesses. But these SNSs are also getting unwanted attention from people like sexual predators, spammers, and people involved in criminal and illegal activities. This paper talks about SNSs and how these sites are exploited for criminal or illegal activity. The SNSs are discussed in detail with respect to user profiles, …

Organizational Handling Of Digital Evidence, Sheona A. Hoolachan, William B. Glisson

Annual ADFSL Conference on Digital Forensics, Security and Law

There are a number of factors that impact a digital forensics investigation. These factors include: the digital media in question, implemented processes and methodologies, the legal aspects, and the individuals involved in the investigation. This paper presents the initial idea that Digital Forensic Practice (DFP) recommendations can potentially improve how organizations handle digital evidence. The recommendations are derived from an in-depth survey conducted with practitioners in both commercial organizations and law enforcement along with supporting literature. The recommendations presented in this paper can be used to assess an organization’s existing digital forensics practices and a guide to Digital Forensics Improvement …

A Framework To Integrate The Data Of Interview Investigation And Digital Evidence, Fahad Alshathry

Annual ADFSL Conference on Digital Forensics, Security and Law

The physical interview process in crime investigation produces an extremely large amount of data, particularly in big cases. In comparison, examiners of digital evidence have enormous amounts of data to search through whilst looking for data relating to the investigation. However, the links between their results are limited. Whilst investigators need to refute or support their hypothesis throughout, digital evidence examiners often use search based keywords. These keywords are usually created from evidence taken from the physical investigation reports and this basic method has been found to have many shortcomings and limitations. This paper proposes a highly automatic framework to …

Developing Voip Honeypots: A Preliminary Investigation Into Malfeasant Activity, Craig Valli

Annual ADFSL Conference on Digital Forensics, Security and Law

30 years ago PABX systems were compromised by hackers wanting to make long distance calls at some other entities expense. This activity faded as telephony became cheaper and PABX systems had countermeasures installed to overcome attacks. Now the world has moved onto the provision of telephony via broadband enabled Voice over Internet Protocol (VoIP) with this service now being provided as a replacement for conventional fixed wire telephony by major telecommunication providers worldwide. Due to increasing bandwidth it is possible for systems to support multiple voice connections simultaneously. The networked nature of the Internet allows for attackers of these VoIP …

Higate (High Grade Anti‐Tamper Equipment) Prototype And Application To E‐Discovery, Yui Sakurai, Yuki Ashino, Tetsutaro Uehara, Hiroshi Yoshiura, Ryoichi Sasaki

Annual ADFSL Conference on Digital Forensics, Security and Law

These days, most data is digitized and processed in various ways by computers. In the past, computer owners were free to process data as desired and to observe the inputted data as well as the interim results. However, the unrestricted processing of data and accessing of interim results even by computer users is associated with an increasing number of adverse events. These adverse events often occur when sensitive data such as personal or confidential business information must be handled by two or more parties, such as in the case of e-Discovery, used in legal proceedings, or epidemiologic studies. To solve …

Developing A Baccalaureate Digital Forensics Major, John H. Riley

Annual ADFSL Conference on Digital Forensics, Security and Law

As colleges and universities consider instituting a bachelor’s degree in digital forensics or computer forensics, there are numerous questions to be addressed. While some of these normally occur in the development of any new major, there are aspects of digital forensics which do not often (if ever) occur in other majors. We discuss the issues that should be resolved in the development of a baccalaureate degree program in digital forensics.

Keywords: Digital forensics major. Computer forensics major.

Network Neutrality Or Internet Innovation?, Christopher S. Yoo

All Faculty Scholarship

Over the past two decades, the Internet has undergone an extensive re-ordering of its topology that has resulted in increased variation in the price and quality of its services. Innovations such as private peering, multihoming, secondary peering, server farms, and content delivery networks have caused the Internet’s traditionally hierarchical architecture to be replaced by one that is more heterogeneous. Relatedly, network providers have begun to employ an increasingly varied array of business arrangements and pricing. This variation has been interpreted by some as network providers attempting to promote their self interest at the expense of the public. In fact, these …

Solid State Drives: The Beginning Of The End For Current Practice In Digital Forensic Recovery?, Graeme B. Bell, Richard Boddington

Journal of Digital Forensics, Security and Law

Digital evidence is increasingly relied upon in computer forensic examinations and legal proceedings in the modern courtroom. The primary storage technology used for digital information has remained constant over the last two decades, in the form of the magnetic disc. Consequently, investigative, forensic, and judicial procedures are well-established for magnetic disc storage devices (Carrier, 2005). However, a paradigm shift has taken place in technology storage and complex, transistor-based devices for primary storage are now increasingly common. Most people are aware of the transition from portable magnetic floppy discs to portable USB transistor flash devices, yet the transition from magnetic hard …

Table Of Contents

Journal of Digital Forensics, Security and Law

No abstract provided.

Clustering Spam Domains And Destination Websites: Digital Forensics With Data Mining, Chun Wei, Alan Sprague, Gary Warner, Anthony Skjellum

Journal of Digital Forensics, Security and Law

Spam related cyber crimes have become a serious threat to society. Current spam research mainly aims to detect spam more effectively. We believe the identification and disruption of the supporting infrastructure used by spammers is a more effective way of stopping spam than filtering. The termination of spam hosts will greatly reduce the profit a spammer can generate and thwart his ability to send more spam. This research proposes an algorithm for clustering spam domains extracted from spam emails based on the hosting IP addresses and tracing the IP addresses over a period of time. The results show that many …

The Changing Patterns Of Internet Usage, Christopher S. Yoo

All Faculty Scholarship

The Internet unquestionably represents one of the most important technological developments in recent history. It has revolutionized the way people communicate with one another and obtain information and created an unimaginable variety of commercial and leisure activities. Interestingly, many members of the engineering community often observe that the current network is ill-suited to handle the demands that end users are placing on it. Indeed, engineering researchers often describe the network as ossified and impervious to significant architectural change. As a result, both the U.S. and the European Commission are sponsoring “clean slate” projects to study how the Internet might be …

Innovations In The Internet’S Architecture That Challenge The Status Quo, Christopher S. Yoo

All Faculty Scholarship

The current debate over broadband policy has largely overlooked a number of changes to the architecture of the Internet that have caused the price paid by and quality of service received by traffic traveling across the Internet to vary widely. Topological innovations, such as private peering, multihoming, secondary peering, server farms, and content delivery networks, have caused the Internet’s traditionally hierarchical architecture to be replaced by one that is more heterogeneous. Moreover, network providers have begun to employ an increasingly varied array of business arrangements. Some of these innovations are responses to the growing importance of peer-to-peer technologies. Others, such …

Identifying A Computer Forensics Expert: A Study To Measure The Characteristics Of Forensic Computer Examiners, Gregory H. Carlton, Reginald Worthley

Journal of Digital Forensics, Security and Law

The usage of digital evidence from electronic devices has been rapidly expanding within litigation, and along with this increased usage, the reliance upon forensic computer examiners to acquire, analyze, and report upon this evidence is also rapidly growing. This growing demand for forensic computer examiners raises questions concerning the selection of individuals qualified to perform this work. While courts have mechanisms for qualifying witnesses that provide testimony based on scientific data, such as digital data, the qualifying criteria covers a wide variety of characteristics including, education, experience, training, professional certifications, or other special skills. In this study, we compare task …

Adaptation Of Pyflag To Efficient Analysis Of Seized Computer Data Storage, Aleksander Byrski, Wojciech Stryjewski, Bartłomiej Czechowicz

Journal of Digital Forensics, Security and Law

Based on existing software aimed at investigation support in the analysis of computer data storage seized during investigation (PyFlag), an extension is proposed involving the introduction of dedicated components for data identification and filtering. Hash codes for popular software contained in NIST/NSRL database are considered in order to avoid unwanted files while searching and to classify them into several categories. The extension allows for further analysis, e.g. using artificial intelligence methods. The considerations are illustrated by the overview of the system's design.

Table Of Contents

Journal of Digital Forensics, Security and Law

No abstract provided.

Computer Forensic Functions Testing: Media Preparation, Write Protection And Verification, Yinghua Guo, Jill Slay

Journal of Digital Forensics, Security and Law

The growth in the computer forensic field has created a demand for new software (or increased functionality to existing software) and a means to verify that this software is truly forensic i.e. capable of meeting the requirements of the trier of fact. In this work, we review our previous work---a function oriented testing framework for validation and verification of computer forensic tools. This framework consists of three parts: function mapping, requirements specification and reference set development. Through function mapping, we give a scientific and systemized description of the fundamentals of computer forensic discipline, i.e. what functions are needed in the …

Higate (High Grade Anti-Tamper Equipment) Prototype And Application To E-Discovery, Yui Sakurai, Yuki Ashino, Tetsutaro Uehara, Hiroshi Yoshiura, Ryoichi Sasaki

Journal of Digital Forensics, Security and Law

These days, most data is digitized and processed in various ways by computers. In the past, computer owners were free to process data as desired and to observe the inputted data as well as the interim results. However, the unrestricted processing of data and accessing of interim results even by computer users is associated with an increasing number of adverse events. These adverse events often occur when sensitive data such as personal or confidential business information must be handled by two or more parties, such as in the case of e-Discovery, used in legal proceedings, or epidemiologic studies. To solve …

Developing Voip Honeypots: A Preliminary Investigation Into Malfeasant Activity, Craig Valli

Journal of Digital Forensics, Security and Law

30 years ago PABX systems were compromised by hackers wanting to make long distance calls at some other entities expense. This activity faded as telephony became cheaper and PABX systems had countermeasures installed to overcome attacks. Now the world has moved onto the provision of telephony via broadband enabled Voice over Internet Protocol (VoIP) with this service now being provided as a replacement for conventional fixed wire telephony by major telecommunication providers worldwide. Due to increasing bandwidth it is possible for systems to support multiple voice connections simultaneously. The networked nature of the Internet allows for attackers of these VoIP …

Digital Records Forensics: A New Science And Academic Program For Forensic Readiness, Luciana Duranti, Barbara Endicott-Popovsky

Journal of Digital Forensics, Security and Law

This paper introduces the Digital Records Forensics project, a research endeavour located at the University of British Columbia in Canada and aimed at the development of a new science resulting from the integration of digital forensics with diplomatics, archival science, information science and the law of evidence, and of an interdisciplinary graduate degree program, called Digital Records Forensics Studies, directed to professionals working for law enforcement agencies, legal firms, courts, and all kind of institutions and business that require their services. The program anticipates the need for organizations to become “forensically ready,” defined by John Tan as “maximizing the ability …