Computer Law Commons^™

Detection Of Overlapping Passive Manipulation Techniques In Image Forensics, Gianna S. Lint, Umit Karabiyik

Annual ADFSL Conference on Digital Forensics, Security and Law

With a growing number of images uploaded daily to social media sites, it is essential to understand if an image can be used to trace its origin. Forensic investigations are focusing on analyzing images that are uploaded to social media sites resulting in an emphasis on building and validating tools. There has been a strong focus on understanding active manipulation or tampering techniques and building tools for analysis. However, research on manipulation is often studied in a vacuum, involving only one technique at a time. Additionally, less focus has been placed on passive manipulation, which can occur by simply uploading …

Anatomy Of An Internet Hijack And Interception Attack: A Global And Educational Perspective, Ben A. Scott, Michael N. Johnstone, Patryk Szewczyk

Annual ADFSL Conference on Digital Forensics, Security and Law

The Internet’s underlying vulnerable protocol infrastructure is a rich target for cyber crime, cyber espionage and cyber warfare operations. The stability and security of the Internet infrastructure are important to the function of global matters of state, critical infrastructure, global e-commerce and election systems. There are global approaches to tackle Internet security challenges that include governance, law, educational and technical perspectives. This paper reviews a number of approaches to these challenges, the increasingly surgical attacks that target the underlying vulnerable protocol infrastructure of the Internet, and the extant cyber security education curricula; we find the majority of predominant cyber security …

A Low-Cost Machine Learning Based Network Intrusion Detection System With Data Privacy Preservation, Jyoti Fakirah, Lauhim Mahfuz Zishan, Roshni Mooruth, Michael L. Johnstone, Wencheng Yang

Annual ADFSL Conference on Digital Forensics, Security and Law

Network intrusion is a well-studied area of cyber security. Current machine learning-based network intrusion detection systems (NIDSs) monitor network data and the patterns within those data but at the cost of presenting significant issues in terms of privacy violations which may threaten end-user privacy. Therefore, to mitigate risk and preserve a balance between security and privacy, it is imperative to protect user privacy with respect to intrusion data. Moreover, cost is a driver of a machine learning-based NIDS because such systems are increasingly being deployed on resource-limited edge devices. To solve these issues, in this paper we propose a NIDS …

Performance Assessment Of Some Phishing Predictive Models Based On Minimal Feature Corpus, Orunsolu Abdul Abiodun, Sodiya A.S, Kareem S.O, Oladimeji G. B Mr.

Journal of Digital Forensics, Security and Law

Phishing is currently one of the severest cybersecurity challenges facing the emerging online community. With damages running into millions of dollars in financial and brand losses, the sad tale of phishing activities continues unabated. This led to an arms race between the con artists and online security community which demand a constant investigation to win the cyberwar. In this paper, a new approach to phishing is investigated based on the concept of minimal feature set on some selected remarkable machine learning algorithms. The goal of this is to select and determine the most efficient machine learning methodology without undue high …

Don't Bite The Bait: Phishing Attack For Internet Banking (E-Banking), Ilker Kara

Journal of Digital Forensics, Security and Law

Phishing attacks are based on obtaining desired information from users quickly and easily with the help of misdirecting, panicking, curiosity, or excitement. Most of the phishing web sites are designed on internet banking(e-banking) and the attackers can acquire financial information of misled users with the tactics and discourses they develop. Despite the increase of prevention techniques against phishing attacks day by day, an effective solution could not be found for this issue due to the human factor. Because of this reason, real phishing attack studies are essential to study and analyze the attackers’ attack techniques and strategies. This study focused …

Building Legal Datasets, Jerrold Soh

Research Collection Yong Pung How School Of Law

Data-centric AI calls for better, not just bigger, datasets. As data protection laws with extra-territorial reach proliferate worldwide, ensuring datasets are legal is an increasingly crucial yet overlooked component of “better”. To help dataset builders become more willing and able to navigate this complex legal space, this paper reviews key legal obligations surrounding ML datasets, examines the practical impact of data laws on ML pipelines, and offers a framework for building legal datasets.

The Ratio Method: Addressing Complex Tort Liability In The Fourth Industrial Revolution, Harrison C. Margolin, Grant H. Frazier

St. Mary's Law Journal

Emerging technologies of the Fourth Industrial Revolution show fundamental promise for improving productivity and quality of life, though their misuse may also cause significant social disruption. For example, while artificial intelligence will be used to accelerate society’s processes, it may also displace millions of workers and arm cybercriminals with increasingly powerful hacking capabilities. Similarly, human gene editing shows promise for curing numerous diseases, but also raises significant concerns about adverse health consequences related to the corruption of human and pathogenic genomes.

In most instances, only specialists understand the growing intricacies of these novel technologies. As the complexity and speed of …

Effects Of Cloud Computing In The Workforce, Kevin Rossi Acosta

Cybersecurity Undergraduate Research Showcase

In recent years, the incorporation of cloud computing and cloud services has increased in many different types of organizations and companies. This paper will focus on the philosophical, economical, and political factors that cloud computing and cloud services have in the workforce and different organizations. Based on various scholarly articles and resources it was observed that organizations used cloud computing and cloud services to increase their overall productivity as well as decrease the overall cost of their operations, as well as the different policies that were created by lawmakers to control the realm of cloud computing. The results of this …

Internet Of Things Software And Hardware Architectures And Their Impacts On Forensic Investigations: Current Approaches And Challenges, Abel Alex Boozer, Arun John, Tathagata Mukherjee

Journal of Digital Forensics, Security and Law

The never-before-seen proliferation of interconnected low-power computing devices, patently dubbed the Internet of Things (IoT), is revolutionizing how people, organizations, and malicious actors interact with one another and the Internet. Many of these devices collect data in different forms, be it audio, location data, or user commands. In civil or criminal nature investigations, the data collected can act as evidence for the prosecution or the defense. This data can also be used as a component of cybersecurity efforts. When data is extracted from these devices, investigators are expected to do so using proven methods. Still, unfortunately, given the heterogeneity in …

The Survey On Cross-Border Collection Of Digital Evidence By Representatives From Polish Prosecutors’ Offices And Judicial Authorities, Paweł Olber Dr

Journal of Digital Forensics, Security and Law

Dynamic development of IT technology poses new challenges related to the cross-border collection of electronic evidence from the cloud. Many times investigators need to secure data stored on foreign servers directly and then look for solutions on how to turn the data into a legitimate source of evidence. To study the situation and propose solutions, I conducted a survey among Polish representatives of public prosecutors' offices and courts. This paper presents information from digital evidence collection practices across multiple jurisdictions. I stated that representatives from the prosecution and the judiciary in Poland are aware of the issues associated with cross-border …

Towards Cnl-Based Verbalization Of Computational Contracts, Inari Listenmaa, Maryam Hanafiah, Regina Cheong, Andreas Kallberg

Centre for Computational Law

We present a CNL, which is a component of L4, a domain-specific programming language for drafting laws and contracts. Along with formal verification, L4’s core functionalities include natural language generation. We present the NLG pipeline and an interactive process for ambiguity resolution.

The Promise And Limits Of Lawfulness: Inequality, Law, And The Techlash, Salomé Viljoen

Articles

In response to widespread skepticism about the recent rise of “tech ethics”, many critics have called for legal reform instead. In contrast with the “ethics response”, critics consider the “lawfulness response” more capable of disciplining the excesses of the technology industry. In fact, both are simultaneously vulnerable to industry capture and capable of advancing a more democratic egalitarian agenda for the information economy. Both ethics and law offer a terrain of contestation, rather than a predetermined set of commitments by which to achieve more democratic and egalitarian technological production. In advancing this argument, the essay focuses on two misunderstandings common …

An Economical Method For Securely Disintegrating Solid-State Drives Using Blenders, Brandon J. Hopkins Phd, Kevin A. Riggle

Journal of Digital Forensics, Security and Law

Pulverizing solid-state drives (SSDs) down to particles no larger than 2 mm is required by the United States National Security Agency (NSA) to ensure the highest level of data security, but commercial disintegrators that achieve this standard are large, heavy, costly, and often difficult to access globally. Here, we present a portable, inexpensive, and accessible method of pulverizing SSDs using a household blender and other readily available materials. We verify this approach by pulverizing SSDs with a variety of household blenders for fixed periods of time and sieve the resulting powder to ensure appropriate particle size. Among the 6 household …

Viability Of Consumer Grade Hardware For Learning Computer Forensics Principles, Lazaro A. Herrera

Journal of Digital Forensics, Security and Law

We propose utilizing budget consumer hardware and software to teach computer forensics principles and for non-case work, research and developing new techniques. Consumer grade hardware and free / open source software is more easily accessible in most developing markets and can be used as a first purchase for education, technique development and even when developing new techniques. These techniques should allow for small forensics laboratories or classroom settings to have the tooling and framework for trying existing forensics techniques or creating new forensics techniques on consumer grade hardware. We'll be testing how viable each individual piece of hardware is as …

Identification Of Lsb Image Steganography Using Cover Image Comparisons, Michael Pelosi, Chuck Easttom

Journal of Digital Forensics, Security and Law

Steganography has long been used to counter forensic investigation. This use of steganography as an anti-forensics technique is becoming more widespread. This requires forensic examiners to have additional tools to more effectively detect steganography. In this paper we introduce a new software concept specifically designed to allow the digital forensics professional to clearly identify and attribute instances of LSB image steganography by using the original cover image in side-by-side comparison with a suspected steganographic payload image. This technique is embodied in a software implementation named CounterSteg. The CounterSteg software allows detailed analysis and comparison of both the original cover …

Backup And Recovery Mechanisms Of Cassandra Database: A Review, Karina Bohora, Amol Bothe, Damini Sheth, Rupali Chopade, V. K. Pachghare

Journal of Digital Forensics, Security and Law

Cassandra is a NoSQL database having a peer-to-peer, ring-type architecture. Cassandra offers fault-tolerance, data replication for higher availability as well as ensures no single point of failure. Given that Cassandra is a NoSQL database, it is evident that it lacks the amount of research that has gone into comparatively older and more widely and broadly used SQL databases. Cassandra’s growing popularity in recent times gives rise to the need of addressing any security-related or recovery-related concerns associated with its usage. This review paper discusses the existing deletion mechanism in Cassandra and presents some identified issues related to backup and recovery …

Social Media User Relationship Framework (Smurf), Anne David, Sarah Morris, Gareth Appleby-Thomas

Journal of Digital Forensics, Security and Law

The use of social media has spread through many aspects of society, allowing millions of individuals, corporate as well as government entities to leverage the opportunities it affords. These opportunities often end up being exploited by a small percentage of the user community who use it for objectionable or unlawful activities; for example, trolling, cyber bullying, grooming, luring. In some cases, these unlawful activities result in investigations where swift retrieval of critical evidence required in order to save a life.

This paper presents a proof of concept (PoC) framework for social media user attribution. The framework aims to provide digital …

Administrative Law In The Automated State, Cary Coglianese

All Faculty Scholarship

In the future, administrative agencies will rely increasingly on digital automation powered by machine learning algorithms. Can U.S. administrative law accommodate such a future? Not only might a highly automated state readily meet longstanding administrative law principles, but the responsible use of machine learning algorithms might perform even better than the status quo in terms of fulfilling administrative law’s core values of expert decision-making and democratic accountability. Algorithmic governance clearly promises more accurate, data-driven decisions. Moreover, due to their mathematical properties, algorithms might well prove to be more faithful agents of democratic institutions. Yet even if an automated state were …

Towards Increasing Trust In Expert Evidence Derived From Malware Forensic Tools, Ian M. Kennedy, Blaine Price, Arosha Bandara

Journal of Digital Forensics, Security and Law

Following a series of high profile miscarriages of justice in the UK linked to questionable expert evidence, the post of the Forensic Science Regulator was created in 2008. The main objective of this role is to improve the standard of practitioner competences and forensic procedures. One of the key strategies deployed to achieve this is the push to incorporate a greater level of scientific conduct in the various fields of forensic practice. Currently there is no statutory requirement for practitioners to become accredited to continue working with the Criminal Justice System of England and Wales. However, the Forensic Science Regulator …

A Forensic First Look At A Pos Device: Searching For Pci Dss Data Storage Violations, Stephen Larson, James Jones, Jim Swauger

Journal of Digital Forensics, Security and Law

According to the Verizon 2018 Data Breach Investigations Report, 321 POS terminals (user devices) were involved in about 14% of the 2,216 data breaches in 2017 (Verizon, 2018). These data breaches involved standalone POS terminals as well as associated controller systems. This paper examines a standalone Point-of-Sale (POS) system which is ubiquitous in smaller retail stores and restaurants. An attempt to extract unencrypted data and identify possible violations of the Payment Card Industry Data Security Standard (PCI DSS) requirement to protect stored cardholder data were be made. Persistent storage (flash memory chips) were removed from the devices and their contents …

The Internet Never Forgets: Image-Based Sexual Abuse And The Workplace, John Schriner, Melody Lee Rood

Publications and Research

Image-based sexual abuse (IBSA), commonly known as revenge pornography, is a type of cyberharassment that often results in detrimental effects to an individual's career and livelihood. Although there exists valuable research concerning cyberharassment in the workplace generally, there is little written about specifically IBSA and the workplace. This chapter examines current academic research on IBSA, the issues with defining this type of abuse, victim blaming, workplace policy, and challenges to victim-survivors' redress. The authors explore monetary motivation for websites that host revenge pornography and unpack how the dark web presents new challenges to seeking justice. Additionally, this chapter presents recommendations …

Cryptography, Passwords, Privacy, And The Fifth Amendment, Gary C. Kessler, Ann M. Phillips

Journal of Digital Forensics, Security and Law

Military-grade cryptography has been widely available at no cost for personal and commercial use since the early 1990s. Since the introduction of Pretty Good Privacy (PGP), more and more people encrypt files and devices, and we are now at the point where our smartphones are encrypted by default. While this ostensibly provides users with a high degree of privacy, compelling a user to provide a password has been interpreted by some courts as a violation of our Fifth Amendment protections, becoming an often insurmountable hurdle to law enforcement lawfully executing a search warrant. This paper will explore some of the …

A Two-Stage Model For Social Network Investigations In Digital Forensics, Anne David, Sarah Morris, Gareth Appleby-Thomas

Journal of Digital Forensics, Security and Law

This paper proposes a two-stage model for identifying and contextualizing features from artefacts created as a result of social networking activity. This technique can be useful in digital investigations and is based on understanding and the deconstruction of the processes that take place prior to, during and after user activity; this includes corroborating artefacts. Digital Investigations are becoming more complex due to factors such as, the volume of data to be examined; different data formats; a wide range of sources for digital evidence; the volatility of data and the limitations of some of the standard digital forensic tools. This paper …

Should Judges Have A Duty Of Tech Competence?, John G. Browning

St. Mary's Journal on Legal Malpractice & Ethics

In an era in which lawyers are increasingly held to a higher standard of “tech competence” in their representation of clients, shouldn’t we similarly require judges to be conversant in relevant technology? Using real world examples of judicial missteps with or refusal to use technology, and drawn from actual cases and judicial disciplinary proceedings, this Article argues that in today’s Digital Age, judicial technological competence is necessary. At a time when courts themselves have proven vulnerable to cyberattacks, and when courts routinely tackle technology related issues like data privacy and the admissibility of digital evidence, Luddite judges are relics that …

Busting Myths And Dispelling Doubts About Covid-19, Mark Findlay

Research Collection Yong Pung How School Of Law

The Centre for AI and Data Governance (CAIDG) at Singapore Management University (SMU) has embarked over past months on a programme of research designed to confront concerns about the pandemic and its control. Our interest is primarily directed to the ways in which AI-assisted technologies and mass data sharing have become a feature of pandemic control strategies. We want to know what impact these developments are having on community confidence and health safety. In developing this work, we have come across many myths that need busting.

Literature Review: How U.S. Government Documents Are Addressing The Increasing National Security Implications Of Artificial Intelligence, Bert Chapman

Libraries Faculty and Staff Scholarship and Research

This article emphasizes the increasing importance of artificial intelligence (AI) in military and national security policy making. It seeks to inform interested individuals about the proliferation of publicly accessible U.S. government and military literature on this multifaceted topic. An additional objective of this endeavor is encouraging greater public awareness of and participation in emerging public policy debate on AI's moral and national security implications..

What’S In The Cloud? - An Examination Of The Impact Of Cloud Storage Usage On The Browser Cache., Graeme Horsman

Journal of Digital Forensics, Security and Law

Cloud storage is now a well established and popular service adopted by many individuals, often at limited or no cost. It provides users with the ability to store content on a cloud service provider’s infrastructure offering the benefit of redundancy, reliability, security, flexibility of access and the potential assumed liability of the provider for data loss within the contexts of a licensing agreement. Consequently, this form of remote storage provides a regulatory challenge as content which once resided upon a seized digital exhibit, available for scrutiny during a digital forensic investigatory, may no longer be present where attempting to acquire …

An Evaluation Of Data Erasing Tools, Andrew Jones, Isaac Afrifa

Journal of Digital Forensics, Security and Law

The permanent removal of data from media is a major area of concern mainly because of the misconception that once a file is deleted or storage media is formatted, it cannot be recovered. There has been the development of both commercial and freeware data erasing tools, which all claim complete file or disk erasure. This report analyzes the efficiency of a number of these tools in performing erasures on an electromechanical drive. It focuses on a selection of popular and modern erasing tools; taking into consideration their usability, claimed erasing standards and whether they perform complete data erasure with the …

Developing Open Source Software Using Version Control Systems: An Introduction To The Git Language For Documenting Your Computational Research, Jared D. Smith, Jonathan D. Herman

All ECSTATIC Materials

Version control systems track the history of code as it is committed (saved) by any number of developers. Have you made a coding error and cannot debug it? Version control systems allow for resetting code back to when it worked, and show what code has changed since previous commits.

The contents of this lecture provide an introduction to the git version control language, GitHub for cloud hosting open source code repositories, and tutorials that demonstrate common and useful git and GitHub practices. This lecture is intended to be coupled with a discussion on creating reproducible computational research.

The zipped folder …

Teaching Data Carving Using The Real World Problem Of Text Message Extraction From Unstructured Mobile Device Data Dumps, Gary D. Cantrell, Joan Runs Through

Journal of Digital Forensics, Security and Law

Data carving is a technique used in data recovery to isolate and extract files based on file content without any file system guidance. It is an important part of data recovery and digital forensics, but it is also useful in teaching computer science students about file structure and binary encoding of information especially within a digital forensics program. This work demonstrates how the authors teach data carving using a real world problem they encounter in digital forensics evidence processing involving the extracting of text messages from unstructured small device binary extractions. The authors have used this problem for instruction in …