Computer Law Commons^™

Towards Increasing Trust In Expert Evidence Derived From Malware Forensic Tools, Ian M. Kennedy, Blaine Price, Arosha Bandara

Journal of Digital Forensics, Security and Law

Following a series of high profile miscarriages of justice in the UK linked to questionable expert evidence, the post of the Forensic Science Regulator was created in 2008. The main objective of this role is to improve the standard of practitioner competences and forensic procedures. One of the key strategies deployed to achieve this is the push to incorporate a greater level of scientific conduct in the various fields of forensic practice. Currently there is no statutory requirement for practitioners to become accredited to continue working with the Criminal Justice System of England and Wales. However, the Forensic Science Regulator …

A Forensic First Look At A Pos Device: Searching For Pci Dss Data Storage Violations, Stephen Larson, James Jones, Jim Swauger

Journal of Digital Forensics, Security and Law

According to the Verizon 2018 Data Breach Investigations Report, 321 POS terminals (user devices) were involved in about 14% of the 2,216 data breaches in 2017 (Verizon, 2018). These data breaches involved standalone POS terminals as well as associated controller systems. This paper examines a standalone Point-of-Sale (POS) system which is ubiquitous in smaller retail stores and restaurants. An attempt to extract unencrypted data and identify possible violations of the Payment Card Industry Data Security Standard (PCI DSS) requirement to protect stored cardholder data were be made. Persistent storage (flash memory chips) were removed from the devices and their contents …

The Internet Never Forgets: Image-Based Sexual Abuse And The Workplace, John Schriner, Melody Lee Rood

Publications and Research

Image-based sexual abuse (IBSA), commonly known as revenge pornography, is a type of cyberharassment that often results in detrimental effects to an individual's career and livelihood. Although there exists valuable research concerning cyberharassment in the workplace generally, there is little written about specifically IBSA and the workplace. This chapter examines current academic research on IBSA, the issues with defining this type of abuse, victim blaming, workplace policy, and challenges to victim-survivors' redress. The authors explore monetary motivation for websites that host revenge pornography and unpack how the dark web presents new challenges to seeking justice. Additionally, this chapter presents recommendations …

Cryptography, Passwords, Privacy, And The Fifth Amendment, Gary C. Kessler, Ann M. Phillips

Journal of Digital Forensics, Security and Law

Military-grade cryptography has been widely available at no cost for personal and commercial use since the early 1990s. Since the introduction of Pretty Good Privacy (PGP), more and more people encrypt files and devices, and we are now at the point where our smartphones are encrypted by default. While this ostensibly provides users with a high degree of privacy, compelling a user to provide a password has been interpreted by some courts as a violation of our Fifth Amendment protections, becoming an often insurmountable hurdle to law enforcement lawfully executing a search warrant. This paper will explore some of the …

A Two-Stage Model For Social Network Investigations In Digital Forensics, Anne David, Sarah Morris, Gareth Appleby-Thomas

Journal of Digital Forensics, Security and Law

This paper proposes a two-stage model for identifying and contextualizing features from artefacts created as a result of social networking activity. This technique can be useful in digital investigations and is based on understanding and the deconstruction of the processes that take place prior to, during and after user activity; this includes corroborating artefacts. Digital Investigations are becoming more complex due to factors such as, the volume of data to be examined; different data formats; a wide range of sources for digital evidence; the volatility of data and the limitations of some of the standard digital forensic tools. This paper …

Should Judges Have A Duty Of Tech Competence?, John G. Browning

St. Mary's Journal on Legal Malpractice & Ethics

In an era in which lawyers are increasingly held to a higher standard of “tech competence” in their representation of clients, shouldn’t we similarly require judges to be conversant in relevant technology? Using real world examples of judicial missteps with or refusal to use technology, and drawn from actual cases and judicial disciplinary proceedings, this Article argues that in today’s Digital Age, judicial technological competence is necessary. At a time when courts themselves have proven vulnerable to cyberattacks, and when courts routinely tackle technology related issues like data privacy and the admissibility of digital evidence, Luddite judges are relics that …

Busting Myths And Dispelling Doubts About Covid-19, Mark Findlay

Research Collection Yong Pung How School Of Law

The Centre for AI and Data Governance (CAIDG) at Singapore Management University (SMU) has embarked over past months on a programme of research designed to confront concerns about the pandemic and its control. Our interest is primarily directed to the ways in which AI-assisted technologies and mass data sharing have become a feature of pandemic control strategies. We want to know what impact these developments are having on community confidence and health safety. In developing this work, we have come across many myths that need busting.

Literature Review: How U.S. Government Documents Are Addressing The Increasing National Security Implications Of Artificial Intelligence, Bert Chapman

Libraries Faculty and Staff Scholarship and Research

This article emphasizes the increasing importance of artificial intelligence (AI) in military and national security policy making. It seeks to inform interested individuals about the proliferation of publicly accessible U.S. government and military literature on this multifaceted topic. An additional objective of this endeavor is encouraging greater public awareness of and participation in emerging public policy debate on AI's moral and national security implications..

What’S In The Cloud? - An Examination Of The Impact Of Cloud Storage Usage On The Browser Cache., Graeme Horsman

Journal of Digital Forensics, Security and Law

Cloud storage is now a well established and popular service adopted by many individuals, often at limited or no cost. It provides users with the ability to store content on a cloud service provider’s infrastructure offering the benefit of redundancy, reliability, security, flexibility of access and the potential assumed liability of the provider for data loss within the contexts of a licensing agreement. Consequently, this form of remote storage provides a regulatory challenge as content which once resided upon a seized digital exhibit, available for scrutiny during a digital forensic investigatory, may no longer be present where attempting to acquire …

An Evaluation Of Data Erasing Tools, Andrew Jones, Isaac Afrifa

Journal of Digital Forensics, Security and Law

The permanent removal of data from media is a major area of concern mainly because of the misconception that once a file is deleted or storage media is formatted, it cannot be recovered. There has been the development of both commercial and freeware data erasing tools, which all claim complete file or disk erasure. This report analyzes the efficiency of a number of these tools in performing erasures on an electromechanical drive. It focuses on a selection of popular and modern erasing tools; taking into consideration their usability, claimed erasing standards and whether they perform complete data erasure with the …

Developing Open Source Software Using Version Control Systems: An Introduction To The Git Language For Documenting Your Computational Research, Jared D. Smith, Jonathan D. Herman

All ECSTATIC Materials

Version control systems track the history of code as it is committed (saved) by any number of developers. Have you made a coding error and cannot debug it? Version control systems allow for resetting code back to when it worked, and show what code has changed since previous commits.

The contents of this lecture provide an introduction to the git version control language, GitHub for cloud hosting open source code repositories, and tutorials that demonstrate common and useful git and GitHub practices. This lecture is intended to be coupled with a discussion on creating reproducible computational research.

The zipped folder …

Teaching Data Carving Using The Real World Problem Of Text Message Extraction From Unstructured Mobile Device Data Dumps, Gary D. Cantrell, Joan Runs Through

Journal of Digital Forensics, Security and Law

Data carving is a technique used in data recovery to isolate and extract files based on file content without any file system guidance. It is an important part of data recovery and digital forensics, but it is also useful in teaching computer science students about file structure and binary encoding of information especially within a digital forensics program. This work demonstrates how the authors teach data carving using a real world problem they encounter in digital forensics evidence processing involving the extracting of text messages from unstructured small device binary extractions. The authors have used this problem for instruction in …

Cyber-Security Risks Of Fedwire, Mark J. Bilger

Journal of Digital Forensics, Security and Law

This paper will review the risks associated with the Federal Reserve's Fedwire network as a key resource necessary for the efficient function of the American financial system. It will examine the business model of the Fedwire system of real-time interbank transfers, the network characteristics of Fedwire, and the possibility of a successful attack on Fedwire and its potential impact on the U.S. financial system.

Front Matter

Journal of Digital Forensics, Security and Law

No abstract provided.

Securing Technological Privacy: Modernizing The Texas Disciplinary Rules Of Professional Conduct To Protect Electronic Data, Ashley "Nikki" Vega

St. Mary's Journal on Legal Malpractice & Ethics

This comment explains how and why the Texas Disciplinary Rules of Professional Conduct (the “Texas Disciplinary Rules”) should be updated to reflect the modernization of technology. Lawyers must keep abreast of changes in the law and its practices; including those which are technological in nature. The American Bar Association (the “ABA”) recently amended the “technology provisions” of its Model Rules of Professional Conduct (the “Model Rules”); namely Rule 1.1 “Competence” and Rule 1.6 “Confidentiality of Information” in order to keep up with the benefits and risks associated with technology in the legal profession. Additionally, over half of all jurisdictions have …

Transactional Scripts In Contract Stacks, Shaanan Cohney, David A. Hoffman

All Faculty Scholarship

Deals accomplished through software persistently residing on computer networks—sometimes called smart contracts, but better termed transactional scripts—embody a potentially revolutionary contracting innovation. Ours is the first precise account in the legal literature of how such scripts are created, and when they produce errors of legal significance.

Scripts’ most celebrated use case is for transactions operating exclusively on public, permissionless, blockchains: such exchanges eliminate the need for trusted intermediaries and seem to permit parties to commit ex ante to automated performance. But public transactional scripts are costly both to develop and execute, with significant fees imposed for data storage. Worse, bugs …